Title Story: A “perfect” remote candidate turns out to be the front end of a North Korean infiltration operation hiding in plain sight.
Cybersecurity Breach of the Week: Cybercriminals didn’t hack systems—they hacked trust, using AI and crypto scams to steal a staggering $21 billion.
Cybersecurity Tip of the Week: The NSA warns: your router may already be compromised—and a simple reboot could cut off foreign spies.
AI Trend of the Week: A humanoid robot chasing wild boars reveals the real breakthrough: AI that can move, balance, and act in the physical world.
Title Story
The Interview Scam

Jo looked like the candidate every company hopes to find.
Disciplined. Responsive. Tireless.
He logged in before sunrise and stayed online late into the night. He applied to dozens of jobs a day, followed up consistently, and moved quickly through the hiring process. On paper—and even in early conversations—he was exactly what companies struggling to fill technical roles were searching for.
So when he landed an interview for an artificial intelligence position at a U.S. cybersecurity firm, nothing seemed out of the ordinary.
During the interview, he said he was calling from Florida. The conversation turned briefly to the weather, and he referenced a recent hurricane. It was a small detail, the kind most people wouldn't question. Except there hadn't been a hurricane.
When he was asked to share his screen, he hesitated, glanced off-camera, and abruptly disconnected. The call ended without explanation.

Most companies would have simply moved on to the next candidate. This one did not.
The firm—Nisos, a Virginia-based security and investigations company—decided to take a different approach. Instead of rejecting the applicant, they made him an offer. They hired him, not out of confidence, but out of curiosity. Something didn't add up, and they wanted to understand why.
They sent him a company laptop equipped with monitoring tools designed to quietly observe how it would be used.
As soon as the laptop came online, it connected to a broader network—one that included dozens of other devices operating simultaneously. Investigators quickly realized they were not dealing with a single remote employee, but with a "laptop farm," a physical setup within the United States designed to make overseas workers appear as though they were logging in domestically.

Over the following weeks, Nisos uncovered a coordinated operation. The individual they had hired was part of a larger team—dozens of workers collaborating in real time. They shared job applications, coordinated interviews, and even served as references for one another. Some applied to thousands of positions each year. Others held multiple jobs simultaneously, cycling through identities when one was flagged or terminated.
The operation was structured, measured, and efficient. Workers tracked performance metrics and communicated regularly, much like any distributed corporate team. The difference was that their objective was not professional growth—it was access and income at scale.
And the destination of that income raised the stakes considerably.
According to investigators and U.S. authorities, operations like this are tied to North Korea. The earnings—sometimes reaching hundreds of thousands of dollars per worker—are funneled back to the regime, helping it evade international sanctions and fund weapons programs, including ballistic missile development.
What appeared to be a routine hiring process was, in reality, a potential pipeline into a nation-state operation.
This was not an isolated incident. Over the past several years, U.S. government agencies and cybersecurity firms have warned that North Korean IT workers have systematically targeted Western companies, particularly in remote technical roles. Using stolen or fabricated American identities, they build credible résumés, perform well in interviews—often aided by artificial intelligence—and integrate into corporate environments.
In some cases, they have gained access to sensitive systems, proprietary data, and financial assets. There have been reports of cryptocurrency theft, extortion attempts, and concerns about the installation of persistent backdoor access within corporate networks. Even when discovered and removed, the question remains: what, if anything, was left behind?
The challenge is compounded by scale. These workers apply to jobs in high volume, often submitting dozens of applications per day. The shift to remote work has made it significantly easier to operate undetected. Companies that once relied on in-person verification now conduct entire hiring processes virtually, creating new opportunities for deception.
Major technology companies have not been immune. Authorities have documented attempts—and in some cases successful placements—within large organizations including Amazon and Google. These are companies with sophisticated security infrastructures, yet even they have struggled to identify highly skilled impostors operating under convincing identities.
The implications extend beyond individual companies. The concern is not just about fraudulent employment or financial loss, but about infiltration. Once inside, these individuals operate with legitimate credentials, blending seamlessly into distributed teams. They do not need to hack their way in—they are invited.
For organizations, the lesson is both simple and uncomfortable. The hiring process is no longer just about evaluating qualifications and cultural fit. It is also about verifying identity, intent, and risk. The front door of the organization—the interview, the onboarding, the shipment of a company laptop—has become a point of vulnerability.
Every candidate is not just a potential employee, but a potential entry point.
In the world of espionage, gaining access has always been the hardest part. Today, that access may come not through sophisticated cyberattacks, but through a well-crafted résumé and a convincing interview.
And sometimes, all it takes to expose it is a single question about a hurricane that never happened.
Want to learn more? Check out Nisos’s blog.
Cybersecurity Breach of the Week
The $21 Billion Confidence Game

In 2025, more than a million Americans received some version of it — an investment tip, a crypto opportunity, a trusted voice on the other end of a screen. It felt legitimate. Often personal. Always urgent. And by the time victims realized something was wrong, the money was gone. According to the FBI's latest Internet Crime Report, cybercriminals pulled off one of the largest financial heists in history — nearly $21 billion stolen in a single year, driven largely by cryptocurrency scams and increasingly sophisticated AI-enabled fraud. This wasn't hacking in the traditional sense. No firewalls were smashed. No systems were breached. Just people.
Cryptocurrency has become the weapon of choice, with Americans losing more than $11 billion to crypto-related scams in 2025 alone—the single largest category of cybercrime losses. The playbook is deceptively simple: criminals build trust over weeks or months before introducing a "can't-miss" investment opportunity, guiding victims to slick, professional-looking platforms that mimic legitimate exchanges. Early returns may even appear real, reinforcing confidence. Then, when victims try to withdraw their money, they're hit with unexpected fees, taxes, or delays, followed by silence. The platform disappears. The contact vanishes. The funds are unrecoverable.
What makes these scams so effective today is scale and precision. AI tools are now used to craft convincing messages, clone voices, and impersonate trusted brands or individuals, producing a level of realism that makes even cautious users vulnerable.
I’ve said it a thousand times: Trust is now an uncommon commodity.
With April 15 marking Tax Day in the United States this week, it's worth noting that this is peak season for IRS impersonators and tax-related fraud; readers should be especially skeptical of any unsolicited messages claiming to be from the IRS, demanding payment, or requesting personal information. Cybercrime has evolved from breaking in to being invited in, and social engineering has become the primary attack vector responsible for the vast majority of financial losses reported to the FBI.
The next major cyber incident your organization faces may not begin with malware or ransomware. It may begin with a message that looks legitimate, sounds familiar, and feels safe. Because in today's threat landscape, the most dangerous vulnerability isn't your network. It's human belief.
Are you PROTECTED?
My new hub, PROTECT, is now live at ericoneill.net/protect, and it’s built for anyone who wants to stop cybercriminal scammers cold. And it’s FREE!
If you want the full battle manual, that’s in Spies, Lies and Cybercrime. If you want to start protecting yourself right now, begin here.
Praemonitus Praemunitus!
Cybersecurity Tip of the Week
Reboot Your Router!

The NSA and FBI are warning that Russian military intelligence (GRU) hackers are actively exploiting vulnerable home and office routers to spy on networks, steal credentials, and reroute internet traffic through attacker-controlled systems. These aren’t obscure, high-end targets—these are everyday routers sitting in homes and small businesses, often unpatched, misconfigured, and quietly compromised without the owner ever knowing.
The fix isn’t complicated. Reboot your router regularly, update firmware, change default passwords, and replace outdated devices that no longer receive security updates. In today’s threat landscape, attackers don’t always break into your network; sometimes they take over the device that connects you to it.
Get the Book: Spies, Lies, and Cybercrime

If you haven’t already, please buy SPIES, LIES, AND CYBERCRIME. If you already have, thank you, and please consider gifting some to friends and colleagues. It’s the perfect gift for tech enthusiasts, entrepreneurs, elders, teenagers, and everyone in between.
📖 Support my local bookstore. Get a signed copy.
🎤 I’m on the road doing speaking events. If your company or organization is interested in bringing me to a stage in 2026, book me to speak at your next event.
If you’ve ever paused at an email, login alert, or message and thought, “Could this happen to me?”—my LinkedIn Learning course is for you! Log in and start learning here.
AI Trend of the Week
A humanoid robot named “Edward Warchocki” just chased off a group of wild boars in Warsaw, Poland. While it’s rather funny, it’s also quite extraordinary. This wasn’t pre-programmed movement; it required AI to see and track fast, unpredictable targets, make real-time decisions, and control a two-legged machine running, balancing, and adjusting on the fly without falling. Once AI can reliably keep robots mobile and stable in chaotic environments, you’re no longer looking at machines that just follow commands—you’re looking at systems that can act independently in the real world. Today it’s boars. Tomorrow, it’s everything.
Stay safe out there!
~ Eric




