Amazon's Security Strategy Against North Korean Job Applications

Over the past 20 months, Amazon has successfully prevented over 1,800 individuals suspected to be North Korean agents from applying for tech positions, according to a senior executive at the company.

Security Measures and Detection

Stephen Schmidt, Amazon's chief security officer, highlighted on LinkedIn that North Korean nationals have been eyeing remote technological roles worldwide. Their main goal is often straightforward: secure a job, collect their salary, and channel the funds back to support their nation's weaponry initiatives.

Amazon employs a sophisticated approach by merging AI technology with human oversight to identify and intercept these applications. The company's AI tools inspect connections to nearly 200 'high-risk institutions' and evaluate unusual patterns and geographical inconsistencies within applications.

Human reviewers further ensure the accuracy of credentials through background checks and interviews.

Tactics and Indicators Used by Fraudsters

Schmidt noted an increase in calculated strategies used by fraudsters, particularly as they attempt to impersonate genuine software engineers to enhance their credibility. Some even try to hijack dormant LinkedIn accounts or purchase access to existing profiles.

The positions most sought after are in AI and machine learning, highlighting the growing demand for these roles.

Subtle discrepancies often serve as red flags. For instance, these applicants might use the international prefix '+1' for U.S. phone numbers instead of just '1'. While insignificant on its own, when combined with other factors, it becomes suspect.

Industry-Wide Challenge

These fraudulent activities aren't exclusive to Amazon. Schmidt stressed that the broader industry is likely experiencing similar infiltrations on a large scale.

Legal and Industry Responses

In July, a woman from Arizona received a 102-month sentence for aiding North Korean IT professionals in securing remote positions at over 300 U.S. firms.

The U.S. Justice Department described the operation as a 'laptop farm' scheme, which amassed over $17 million in illegal profits for the woman and the North Korean regime.

CrowdStrike's report for 2025 indicates a rising threat from North Korean remote-worker tactics.

According to Schmidt, Amazon has noted a 27% increase in applications linked to North Korea compared to previous quarters this year.

In June, searches were conducted on 29 suspected 'laptop farms' across 16 American states. The DOJ reported that North Korean actors secured jobs in over 100 U.S. companies, some of which are part of the Fortune 500.

The FBI advises companies to rigorously check identity verification, confirm past employment and education, and where possible, insist on in-person interviews.