One MSP Exec’s Warning: Beware Of North Korean, Chinese Imposters
‘They’re most likely sitting in an office building in China or in Vietnam, working 18 hours a day. They’re sitting in cubicles with other citizens from North Korea who are watching them. They watch each other, and someone who may not be doing their job or doing everything they’re supposed to do will be called out, pulled out, and killed, and/or their families will be killed. These folks are bringing in income, six-figure income, for all the work that they do, and they send it back to the North Korean government,’ says Reagan Roney, principal and chief experience officer at Solvere One.
It is already difficult enough recruiting talent without worrying about whether that talent is secretly an imposter from either North Korea or China.
Yet that is exactly what MSPs and other services providers now have to be worried about, said Reagan Roney, principal and chief experience officer at Solvere One, a Dulles, Va.-based MSP that does a lot of work with government officials in Washington, D.C.
Roney Tuesday told an audience of MSP executives at this week’s XChange 2025 conference in Denver, hosted by CRN parent The Channel Company, that it can be a challenge when it comes to hiring talent from various locations.
“Asking certain questions of potential employees could be tricky based off the laws that govern who and what you do and how you do your business,” he said. “But I’m going to talk to you about how important it is because the days of, oh, they have certs, or they’ve had this type of history, are going away when it comes to verifying that you’re hiring somebody who’s a legitimate U.S. citizen.”
Citizens of North Korea are not allowed to be paid in U.S. dollars in countries that use U.S. dollars as their own currency, and the country is sending out citizens who work in employee farms to get jobs that pay with the currency, Roney said.
One way they get paid is to create fake personalities and try to get some sort of job, especially in IT, which is the top field they go after, he said. They then try to get paid in crypto or U.S. dollars directly to their accounts, which is extremely hard to do, and so it’s not the most common way to do it.
“The most common approach they have is finding a U.S. citizen willing to lease their identity,” he said. “Yes, believe it or not, there are U.S. citizens that will lease their identity, which means that they will provide their name and social security numbers and all the things they would need to get hired. They will then say they’re from San Diego, California, they have IT experience, here’s their social security number, and present themselves actually very well, even through the interview process. And they get hired, and they then start earning an income.”
These North Korean citizens may have six jobs at any given time, Roney said.
“They’re most likely sitting in an office building in China or in Vietnam, working 18 hours a day,” he said. “They’re sitting in cubicles with other citizens from North Korea who are watching them. They watch each other, and someone who may not be doing their job or doing everything they’re supposed to do will be called out, pulled out, and killed, and/or their families will be killed. These folks are bringing in income, six-figure income, for all the work that they do, and they send it back to the North Korean government.”
MSPs need to be aware of the risks they face because of the recruitment scam, Roney said.
“If you’re caught hiring these types of people, you can then become complicit in hiring North Korean nationals,” he said. “If you are a relative of somebody who’s doing this and know that it’s going on, you can be complicit as well and be prosecuted.”
One way to help protect against this employment scam is to exercise care during the interview process, Roney said.
“When you are interviewing people, be very sensitive about questions,” he said. “What kind of questions should we ask? One question I actually found pretty hilarious since we heard the recording in the FBI office is a recruiter who said, ‘Hey, you’re saying you’re from San Diego. What high school did you go to?’ And in Korean, they could hear this person ask the guy next to him, ‘What high school did I go to?’ There was enough of a lag there that they figured out something was amiss. … You can ask personal questions like that. I encourage you to do it.”
Messages from North Korean or Chinese people involved in hiring scams increasingly come via LinkedIn or other social media, and it’s common for the writers to ask questions in good English aimed at building personal relationships, Roney said.
“You’re going to find that they want to flatter you,” he said. “They might reach out and say, ‘Hey, I think you’re such a force in the IT world. I hear that you are so smart when it comes to social media or what have you. I would love for you to write a white paper or would love for you to do some consulting course.’ I know you’re all amazing people in this room, and you do incredible things, but distrust everyone. Ask questions, if you can. If it’s not a trusted source, I wouldn’t even engage at all.”
Know that there are consequences to working with such people, Roney said.
“Make sure your employees are made aware of it,” he said. “If you have employees that have worked for agencies, government contractors, and who have security clearances, and they put it on their LinkedIn profiles, strongly suggest they remove it.”
Roney also said certain Chinese nationals are using social media and other resources to attack IT infrastructures or steal secrets.
“They are going to do anything trying to disrupt what we do, our businesses, our way of life,” he said. “They’re going to try to copy-cat what we do, and they are going to go after people [in IT]. It’s happening. They’re going after your friends. If you have any sort of online footprint, which I can tell you all do without making you raise your hands, they are targeting you. If you want to freak yourself out, go into Microsoft, if you have Microsoft 365, and look at the attempted logins to your email address. It will mess you up. Yesterday I had 333 attempted logins to my email address. And guess what? They weren’t people from Nebraska or California or Florida. They were from North Korea, Romania, China, and the like. So know you are being targeted.”
Has Patel, founder of Infologic, an Irvine, Calif.-based MSP, told CRN that he has several times received unsolicited emails asking him to provide consulting services.
“I’m really careful about where that information is coming from,” Patel said. “I found that sometimes they get some information from my website when I was saying that I was helping some government agencies. They said there are some people coming, and would I like to meet them, possibly for a consulting appointment. And I kind of figured out there was something wrong with it. So I said I had a meeting and didn’t have any time. The big clue that this was something wrong was when they said this will lead to consulting services outside the country.”
Patel said it is important in this situation to get more information via an email exchange.
“Try to get some more contact, and if they are genuine, they will send you via email rather than contact you on the phone. It is easier to tell they are genuine, such as possible clients, than if they call you on the phone.”