How to Avoid Hiring a North Korean Spy on Your Dev Team
About a month ago, a very strange candidate showed up for a job interview for a senior Java engineer role. He spoke bad English, behaved oddly, and answered the simplest questions in a bizarre way. Two weeks later, the same guy showed up for an interview for a different engineering job under a different name.
Imagine hiring a senior engineer who turns out to be fake and potentially dangerous—attempting to install malware, steal sensitive data, or extort your company. Believe it or not, this scenario is increasingly common, particularly with fake engineers posing as legitimate candidates, some allegedly linked to the North Korean regime.
How do you spot them? Someone must be hiring them; otherwise, they would not keep trying. Let's hope you're not next.
I've now seen multiple fake candidates with similar patterns. The risk isn't hypothetical—it's very real.
Here's a practical checklist to help identify potentially malicious or fake candidates.
Before the interview
First, there are some things to check before the interview or right at the start of the interview. None of these are red flags on their own. You might see one or two of these things in legitimate candidates. However, trust your gut feeling if you see a few of these signs.
- Check their LinkedIn profile
  - In all cases, their resume pointed to a nonexistent LinkedIn profile.
- Check their home address
  - Two fake candidates listed the municipal court as their home address.
- Call their phone number
  - If it is disconnected or does not exist, that's a bad sign.
- Does their resume fit too well?
  - All the candidates had excellent resumes, which seemed tailored to the role. While it is good practice to tailor your resume to a role to show your best side, real programmers aren't doing it as well as these fake candidates.
- Does their name match their background?
  - Look for candidates using mismatched names (e.g., a clearly Asian candidate with an Eastern European name who cannot pronounce it convincingly).
During the interview
Their resume seemed off, so your guard is up. The candidate shows up. What should you do next?
- Ask them to turn off their virtual background
  - They will likely refuse. If they don't, take a look to see if this is the type of place where your candidate claims to be.
- Ask them about their university
  - Who was their favorite professor? Which dorm did they live in? Fake candidates struggle to provide realistic details.
- Ask them about the city where they live
  - What is their favorite restaurant? Where do they like to go for a walk? These are the kinds of things normal people can answer without effort. On the other hand, if you are lying, it will be fairly obvious.
- Ask them about what they think of North Korea and Kim Jong Un in the interview
  - This one is a bit tongue-in-cheek. When I did it, they disconnected, solving the problem quickly and efficiently.
- Verify past employment
  - Anyone can put down anything on their resume. If you do a reference check, the lies don't last.
- Do a background check
  - Use a background check service to confirm the candidate's identity. It costs a bit of money, but given the risk, it's worth it if you have any suspicions.
Protect Your Company from Risk
Spotting fake engineers early in recruitment protects your business from significant financial, reputational, and operational harm. Trust your instincts, follow these practical steps, and always perform due diligence.