Skip to content
Menu
menu

Photo by iStock

Two Emerging Workforce Scams Can Lead to Dire Consequences

By Sara Mosqueda
3 April 2025

Today in Security

This week, news emerged about two different trends that concern workforces: in Mexico, cartels use hiring scheme to force people into illegal cartel work, while North Korea seeks to infiltrate European and U.S. companies by placing compromised IT workers.

Mexico

An investigation into a Jalisco ranch in western Mexico has uncovered horrific methods that the Jalisco New Generation Cartel has used to train, and sometimes dispose of, recruits.

The cartel uses three methods in replenishing and growing its numbers—volunteers, recruitment of former military or police officers, and forced recruitment, according to news reports.

Authorities found that the cartel leverages social media platforms, including Facebook, to post fake job ads for positions, such as security guard work, with highly attractive salaries. Once applicants are identified and selected by the cartel, they are forced to join the organization.

“One recruit who reportedly survived the ranch has said that the cartel picked up recruits at bus stations under false pretenses and took them to the ranch where they were trained for a month in the use of weapons in addition to fitness training, Mexico's Public Security Secretary Omar García Harfuch said. Those who refused or tried to escape were beaten, tortured, and killed,” ABC News reported.

Investigators have found human remains and more than 400 items of clothing and personal items, as well as crematoriums on the property, according to García Harfuch. The extermination sites were initially discovered by a civilian organization that searches for missing persons, Guerreros Buscadores, according to InSight Crime.

The ranch, located in Teuchitlán, Jalisco, has been under investigation since September 2024, after ten people—including three former police officers—were arrested for suspected involvement in illegal activities.  

On March 24, García Harfuch announced that a cartel member, identified by the alias “El Comandante Lastra” was arrested for his alleged involvement in the carte’s forced recruitment efforts. Lastra is suspected of being linked to the ranch.

North Korea

North Korean agents pretending to be legitimate IT workers are increasingly targeting and infiltrating Western companies, placing them at risk of corporate espionage, data theft, and disruption.

These agents, sometimes referred to as “IT warriors,” are from the Democratic People’s Republic of Korea.

U.S. companies have already been targeted in these efforts and remain of interest to North Korean agents, who pose as remote freelancers. “Cash-starved Pyongyang has long deployed cyberspies to steal intellectual property,” The Wall Street Journal reported back in September 2024. “Capitalizing on a post-Covid boom in remote work and advances in generative artificial intelligence, North Koreans have been hired for hundreds—and potentially thousands—of low-level information-technology jobs and other roles in recent years, using stolen identities of foreigners, U.S. officials and security researchers say.”

However, European companies have also become of increasing interest, according to a Google Threat Intelligence Group report published on 1 April. The shift in focus is partly due to increasing obstacles the agents are encountering when attempting to secure or maintain employment in the United States, likely because of increased awareness of the threat due to public reports, indictments filed by the U.S. Department of Justice (DOJ), and right-to-work verification challenges, according to DPRK IT Workers Expanding in Scope and Scale.

The report pointed to one North Korean intelligence agent who in late 2024 created at least 12 different personas that targeted multiple European and U.S. organizations that operate in the defense industrial base and government sectors. “Separately, additional investigations uncovered other IT worker personas seeking employment in Germany and Portugal, alongside credentials for user accounts of European job websites and human capital management platforms,” the report said.

The agents’ attempts to gain employment have included deceptions such as falsely claiming to be of non-North Korean nationalities including Italy, Japan, Malaysia, Singapore, Ukraine, the United States, and Vietnam.

“This growth is coupled with evolving tactics, such as intensified extortion campaigns and the move to conduct operations within corporate virtualized infrastructure,” the report said.

Focus on Inclusion at Work

Amid DEI Challenges, Organizations Choose to Focus on Inclusion

Editor’s Note: Staying the Course

Fostering Employee Success and Retention Through Inclusive Workplace Safety Training

Corporate Security Is Curious about AI, But Is It Useful Yet?

How Well-Being Can Bring Value Back to In-Office Work

How Ally Leaders Boost Belonging and Business Outcomes

Best of Security Management

United States Designates 8 Cartels as Terrorist Organizations

5 Steps to Improve Situational Awareness and Public Safety at Large Events

Violence for the Sake of Violence: Understanding Nonideological Extremism

From Hard Numbers to a Value Proposition: Crafting a Story for the C-Suite with Metrics

Security Vulnerability Allows Intruders to Unlock Hotel Rooms Using Forged Keycards

Columbia University Adds Campus Peace Officers with Arrest Powers
arrow_upward