#5: North Korean Hackers, GitHub Phishing, and Disaster Scams
The fraud landscape is evolving quickly, and this week is a testament to that. We’ve got hackers disguised as employees sneaking into companies, trusted platforms like GitHub being exploited for phishing, and criminals weaponizing empathy in the wake of natural disasters. Let’s dive into what we’re seeing and what it means for you.
NATE'S TAKE: Top Three This Week
- Hackers Infiltrate Companies by Posing as Remote Workers
- GitHub Phishing and the Abuse of Trusted Platforms
- Disaster Scams in the Wake of Tropical Storm Helene
1. The Inside Job: North Korean Hacker Infiltrates Company by Posing as Remote Worker
Trust controls can’t stop at the login screen. Companies must step up employee vetting, especially with remote workers, and tighten access management to limit exposure. Think of this as the next phase in the battle to secure your company from the inside, not just the outside.
A recent incident saw a North Korean hacker gain employment by faking personal details. Over four months, he siphoned data, then demanded a six-figure ransom when fired for poor performance. This incident reflects a broader shift we’ve been tracking around account takeover (ATO): attackers aren’t only brute-forcing their way in or using stolen but otherwise legitimate user credentials to bypass defenses; they’re also walking in through the front door as hired employees.
Another connection: just last month, we talked about fraud moving faster than companies can react. This latest case isn’t just a cautionary tale—it’s a nudge to revisit how fast and frequently you’re auditing the access your people (and vendors) have. Are your defenses adaptive enough?
2. GitHub Phishing and the Abuse of Trusted Platforms
Attackers have upped the ante on phishing by using GitHub to evade detection. In a new tax-themed malware campaign they host the payload on GitHub’s own infrastructure to bypass security controls and deliver the Remcos RAT, creating the perfect scenario: malicious content served from a platform everyone trusts. A link to github.com sails through domain-reputation checks, so email filters and secure gateways struggle to spot the danger. And the attacks don’t stop there: fraudsters are also using QR codes (which keep the URL out of reach of text-based link scanners), Telegram bots (as a drop for stolen credentials), and blob URLs (pages assembled inside the victim’s browser, leaving nothing for a URL scanner to fetch) to make phishing attempts look more legitimate and harder to inspect.
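Domain reputation alone won’t catch this, but the shape of the link still gives it away: a trusted host serving a file download, a blob: URL pasted into a mail body, or a Telegram bot endpoint have no business in a tax notice. The scanner below is an added example written for this newsletter, not code from the campaign, from GitHub, or from Spec; the host list, the “file-fetch” path patterns, and the sample lures are all assumptions constructed for the demo, and the rules are meant to be tuned against your own gateway’s allow-list.

```python
import re
from urllib.parse import urlparse

# --- Assumptions (added example, not the newsletter's or any vendor's code) ---
# Hosts everyone trusts that attackers also use as free payload hosting. Adjust to
# whatever your gateway already allow-lists; this set is an assumption for the demo.
ABUSABLE_TRUSTED_HOSTS = {"github.com", "githubusercontent.com"}

# Path shapes that mean "fetch a file" rather than "browse a repo page".
# (releases/download, user-attachments/files and raw paths are assumed examples.)
FILE_FETCH_PATH = re.compile(
    r"/(?:releases/download|user-attachments/files|raw)/"
    r"|\.(?:zip|rar|7z|iso|exe|js|jse|vbs|scr|lnk|hta)$",
    re.I,
)

# Telegram bot API URLs embed the bot token; a lure or stager that talks to one is
# almost never legitimate in a tax-themed email.
TELEGRAM_BOT_API = re.compile(r"api\.telegram\.org/bot\d+:[\w-]+", re.I)

# Extract http(s) and blob: URLs. blob: URLs only exist inside a page's own JS, so
# seeing one in a mail body means the link is bait for a script-built phishing page.
URL_PATTERN = re.compile(r"(?:https?://|blob:)[^\s<>\"')]+", re.I)


def host_matches(host, domains):
    """True when host is one of domains or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def classify_url(url):
    """Return the list of reasons a URL deserves a second look (empty = nothing found)."""
    reasons = []
    if url.lower().startswith("blob:"):
        reasons.append("blob-url-in-email")
        return reasons
    parsed = urlparse(url)
    host = parsed.hostname or ""
    if TELEGRAM_BOT_API.search(url):
        reasons.append("telegram-bot-api")
    if host_matches(host, ABUSABLE_TRUSTED_HOSTS) and FILE_FETCH_PATH.search(parsed.path):
        reasons.append("file-download-from-trusted-host")
    return reasons


def scan_message(body):
    """Scan one email body; return [(url, reasons)] for every URL that tripped a rule."""
    findings = []
    for url in URL_PATTERN.findall(body):
        url = url.rstrip(".,;")  # strip trailing punctuation from the sentence
        reasons = classify_url(url)
        if reasons:
            findings.append((url, reasons))
    return findings


# Constructed sample lures (not real campaign artifacts). The last one is a benign
# repo link and must NOT be flagged: the point is file fetches, not GitHub itself.
SAMPLE_MESSAGES = [
    "Your 2024 tax statement is ready: https://github.com/acme-tax/forms/releases/download/v1/Tax_Statement_2024.zip",
    "Scan the QR code or open blob:https://mail.example.com/8f3c2a1e-4b2f-4d6f-9a2c-0f5e1c2d3e4f to view your refund.",
    "Status updates: https://api.telegram.org/bot123456789:AAF0xxExampleToken_abc/sendMessage?chat_id=42",
    "Our open-source library lives at https://github.com/acme-tax/forms - contributions welcome.",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        for url, reasons in scan_message(msg):
            print(f"{', '.join(reasons):36s} {url}")
```

Run it and the first three constructed messages each produce one finding while the plain repository link produces none, which is the property to preserve when you tune the rules: blocking github.com outright breaks developers, but flagging a release or raw-file download that arrives in a tax email costs almost nothing. QR codes need a decoding step before this scanner sees a URL at all; that is exactly why attackers use them.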
We saw similar themes in Fraud in Focus 4, where AI-generated face clones exploited frictionless onboarding processes in fintech. The lesson is the same: convenience and trust come with vulnerabilities. If bad actors can turn GitHub against us today, what’s next? Fraud teams need to treat even trusted platforms with a healthy dose of skepticism. Internal training should focus on recognizing these shifts—because even legitimate-looking links or QR codes can be trouble.
And this raises a deeper question: If attackers exploit platforms users inherently trust, where do we draw the line between technology and human vigilance? In this connected world, defense strategies must account for both.
3. Emotional Exploitation: Disaster Scams in the Wake of Tropical Storm Helene
Storms bring chaos, and fraudsters know that chaos makes people vulnerable. Following Tropical Storm Helene, scammers have been using AI-generated images and emotionally charged narratives to pose as disaster relief organizations. These schemes aren’t just about technology; they exploit human emotions and urgency, two powerful tools in any scammer’s playbook.
This is a callback to an earlier Fraud in Focus, where we explored the psychological side of fraud – how attackers manipulate not just systems but also people’s behavior. Helene-related scams underscore this dual threat. When emotions run high, vigilance often drops. Fraud teams need to embed this awareness into their organizations, teaching people to pause and verify before acting, especially in crisis situations.
The takeaway? Fraud isn’t just a technical problem, it’s a behavioral one. And as AI makes these scams more convincing, we need to stay ahead, both by educating customers and continuously refining detection strategies.
===
That’s all for this week! For more insights, subscribe to my Fraud in Focus newsletter and get weekly updates in your inbox.
And be sure to follow us on LinkedIn or X, and if you want to learn more about what we do, request a demo here.
Nate Kharrl, CEO and co-founder at Spec, has built leading solutions for application security and fraud challenges since the early days of the cloud era. Drawing from his cyber experience at Akamai, ThreatMetrix, and eBay, Nate helped found Spec to focus on the needs of businesses operating in a landscape of increasing AI risks. Under Nate’s leadership, Spec grew from its mid-pandemic founding to raise $30M in venture-backed funding to build solutions used by Fortune 500 companies transacting billions in online commerce. Spec’s service offerings today include protective measures for websites and APIs that specialize in defending against attacks designed to bypass bot defenses and risk assessment platforms.