Even security experts can be fooled. In July 2024, Knowbe4, a Florida-based company that offers security training, discovered that a new hire known as “Kyle” was actually a foreign agent. “He interviewed great,” says Brian Jack, KnowBe4’s chief information security officer. “He was on camera, his résumé was right, his background check cleared, his ID cleared verification. We didn’t have any reason to suspect this wasn’t a valid candidate.” But when his facilitator—the US-based individual giving him cover—tried to install malware on Kyle’s company computer, the security team caught on and shut him out.
Back in london, Simon Wijckmans couldn’t let go of the idea that somebody had tried to fool him. He’d just read about the Knowbe4 case, which deepened his suspicions. He conducted background checks and discovered that some of his candidates were definitely using stolen identities. And, he found, some of them were linked to known North Korean operations. So Wijckmans decided to wage a little counter exercise of his own, and he invited me to observe.
I dial in to Google Meet at 3 am Pacific time, tired and bleary. We deliberately picked this offensively early hour because it’s 6 am in Miami, where the candidate, “Harry,” claims to be.
Harry joins the call, looking pretty fresh-faced. He’s maybe in his late twenties, with short, straight, black hair. Everything about him seems deliberately nonspecific: He wears a plain black crewneck sweater and speaks into an off-brand headset. “I just woke up early today for this interview, no problem,” he says. “I know that working with UK hours is kind of a requirement, so I can get my working hours to yours, so no problem with it.”
So far, everything matches the hallmarks of a fake worker. Harry’s virtual background is one of the default options provided by Google Meet, and his connection is a touch slow. His English is good but heavily accented, even though he tells us he was born in New York and grew up in Brooklyn. Wijckmans starts with some typical interview questions, and Harry keeps glancing off to his right as he responds. He talks about various coding languages and name-drops the frameworks he’s familiar with. Wijckmans starts asking some deeper technical questions. Harry pauses. He looks confused. “Can I rejoin the meeting?” he asks. “I have a problem with my microphone.” Wijckman nods, and Harry disappears.
A couple of minutes pass, and I start to fret that we’ve scared him away, but then he pops back into the meeting. His connection isn’t much better, but his answers are clearer. Maybe he restarted his chatbot, or got a coworker to coach him. The call runs a few more minutes and we say goodbye.
Our next applicant calls himself “Nic.” On his résumé he’s got a link to a personal website, but this guy doesn’t look much like the profile photo on the site. This is his second interview with Wijckmans, and we are certain that he’s faking it: He’s one of the applicants who failed the background check after his first call, although he doesn’t know that.
Nic’s English is worse than Harry’s: When he’s asked what time it is, he tells us it’s “six and past” before correcting himself and saying “quarter to seven.” Where does he live? “I’m in Ohio for now,” he beams, like a kid who got something right in a pop quiz.
