Employees hired under fraudulent pretenses typically are ‘much less productive and effective when they’re in the office,’ Amazon Chief Security Officer Steve Schmidt says.
When Amazon CEO Andy Jassy mandated that corporate workers return to the office five days a week starting at the beginning of the year, thwarting insider threats was not on the list of reasons for the move.
But this has ended up being a major, if unintended, benefit of the shift in 2025, according to Amazon Chief Security Officer Steve Schmidt (pictured), who spoke with a group of journalists this week in New York.
[Related: CrowdStrike-AWS Security Partnership: 5 Latest Moves]
For some time now, individuals working on behalf of North Korea have been seeking to dupe U.S. companies into hiring them—through a scheme made possible by laptop farms and false identities—mainly as a way of generating revenue for the heavily sanctioned country.
More recently, North Korea has even begun “purchasing” identities from willing participants in the U.S., Schmidt said.
“If I’m somebody who’s got an IT background, and North Koreans want to use it, they’ll compensate me for the use of my identity—[in order] to apply for a job at one of the companies that they’re interested in getting hired at,” he told reporters.
The schemes can get even more elaborate, particularly in cases involving non-sanctioned countries.
Amazon has in fact identified multiple companies, primarily based in India, who will coach under-qualified Americans on how to get hired at major tech firms—and then have the actual work performed by outsourcers from the foreign company, according to Schmidt.
“That way, that person who’s hired here can hold two, three, four jobs while they outsource that work to people outside the country,” Schmidt said.
The return to the office has made a massive difference in exposing the schemes, however, he said.
“We have found that these people typically are much, much less productive and effective when they’re in the office,” Schmidt said. “It’s harder for them to outsource off of their work computer.”
As one example, for software developers hired under fraudulent pretenses, “the quality of their code was markedly lower when they were in the office versus when they were home—hugely different,” he said. “That allowed us to say, ‘Something is really goofy here. This is not what we were expecting to see.’”
Meanwhile, Amazon has also begun to address another weakness that’s been exploited in these types of insider threats: The virtual interview process.
For the under-qualified individuals—who are seeking employment at the behest of a foreign company—Amazon believes they are typically receiving live assistance during the interview process, Schmidt said.
“They’re coached on how to answer our questions, how to write the decent code we expect during the interviews,” he said.
Recently, however, Amazon has begun to switch back to in-person interviews, he said. And Amazon believes this has been filtering out many of the fraudulent candidates, who either won’t or can’t come in for an interview.
“We decided [to] shift away from completely virtual interviews—to bring people in, in-person,” Schmidt said. “It is much, much harder to fake somebody [into] getting employed if they have to go through an in-person screening event.”
Thus, when it comes to stopping some security threats, it’s the lower-tech solution that may actually be most effective, even when you are one of the biggest tech companies in the world.
`
