How organizations can protect themselves against phishing scams and fake workers

To defend against these threats, organizations must train employees to recognize phishing attempts and invest in advanced technological defenses.
March 17, 2025
7 min read

Cybercriminals have become increasingly sophisticated, evolving their tactics in response to stronger cybersecurity platforms. As organizations bolster their defenses, attackers have turned their focus to human vulnerabilities, making social engineering – especially phishing – one of the most effective methods for breaching previously secure systems. Phishing schemes manipulate human emotions such as fear, greed, and urgency, tricking individuals into sharing sensitive information or unwittingly installing harmful software, like viruses and ransomware.

According to ProofPoint's 2024 State of the Phish report, over 70% of organizations faced at least one successful phishing attack in 2023. The consequences have been severe: financial penalties have skyrocketed by 144%, and reputational damage has risen by 50%. But phishing isn’t the only emerging threat. Cybercriminals also infiltrate companies by hiring IT professionals with false identities. A striking example surfaced last year when North Korean operatives secured jobs at over 300 U.S. companies as remote IT workers. Once inside, they used their legitimate access to conduct years-long cyber espionage, stealing sensitive data and diverting funds to support illicit operations.

These rising threats highlight the need for organizations to reassess their security posture. Cybercriminals exploit both technological vulnerabilities and human weaknesses. A comprehensive cybersecurity strategy must go beyond advanced technological defenses to combat this. It should also emphasize continuous employee education, strict identity verification, and a culture of vigilance. These measures help mitigate the risks posed by increasingly complex tactics.

Why Does Phishing Continue to Work?

Phishing is successful because it taps into our emotional human responses, circumventing traditional technical barriers. Unlike brute-force attacks that rely on cracking passwords or exploiting rare vulnerabilities, phishing manipulates human instincts to achieve its goals.

While security measures like multi-factor authentication (MFA) and smart password generators have made it more difficult for attackers to crack physical barriers like passwords, phishing bypasses these defenses by exploiting our emotions. Imagine receiving an urgent message warning that your company’s account has been compromised, prompting you to verify your credentials. Or, if you’re a new employee, an email seemingly from the CEO requests a quick favor – perhaps purchasing gift cards or sharing sensitive company information. In a moment of panic or eagerness to make a good impression, you're more likely to comply, unknowingly handing over your sensitive information.

Phishing is successful because it taps into our emotional human responses, circumventing traditional technical barriers.

Additionally, the promise of a reward, like a prize or an exclusive offer, often encourages individuals to act quickly, ignoring caution. According to Verizon’s 2024 Data Breach Investigations Report, it only takes about 60 seconds for someone to fall for a phishing scam, demonstrating how quickly an emotional lapse can lead to a breach.

AI has further amplified the effectiveness of phishing. Attackers now use generative AI tools to craft compelling phishing emails, texts, and voice messages, impersonating trusted colleagues or bosses with frightening accuracy. AI-powered scams, including vishing (voice phishing) attacks, blur the lines between legitimate and fraudulent communications, making it even harder for employees to differentiate between them.

Phishing thrives on exploiting our instincts of fear, desire for quick rewards, and impulse to help. Our digital lives provide fertile ground for these attacks. With AI now in the hands of cybercriminals, the tools to deceive have become sharper, amplifying the urgency for vigilance.

The Menace of Fake IT Workers

Cybercriminals are no longer just breaking in from the outside – getting hired. Using fake credentials, stolen identities, and deepfake technology, attackers pose as legitimate IT professionals to land jobs within companies. Once inside, they exploit the trust and system access granted to them, extracting sensitive customer data, financial records, and proprietary information.

As mentioned previously, North Korean operatives, for example, carried out a years-long scheme that recently led to indictments for infiltrating 300 companies by posing as IT workers. In one operation, 64 U.S. businesses were tricked into hiring these fake workers, who used stolen identities and remote access software to steal proprietary data and divert funds to support North Korea’s missile program.

These individuals weren’t outsiders trying to break past firewalls or crack passwords – they were officially hired, background-checked employees with legitimate system access. Yet, behind their seemingly normal roles, they were executing a calculated breach from within. Their ability to blend into the workforce allowed them to quietly extract valuable data and funds, posing an immense security risk.

This growing threat underscores the need for strict access controls. Employees should only have access to the systems and data necessary for their specific roles. Implementing robust identity verification, continuous monitoring, and role-based access restrictions can help prevent bad actors from exploiting insider privileges and turning a company’s trust into its greatest vulnerability.

Recognizing and Stopping Threats: How to Spot Fake IT Workers and Phishing Attacks

To defend against these evolving tactics, recognizing and preventing both phishing attacks and impersonations by fake IT workers is essential. Here are red flags to watch out for and key strategies to help spot fraud:

  • Credentials That Don’t Add Up – Weak or outdated credentials are often signs of unauthorized access. Fake IT workers may attempt to bypass defenses using shared logins or weak passwords. Implementing MFA can help block these breaches by adding layer of security.
  • Suspicious Payroll Activity – Fake employees may infiltrate payroll systems, rerouting funds to fraudulent accounts. Look for anomalies such as ghost employees (fictitious workers who exist only on paper to collect a paycheck) or unexpected changes in HR records. Regular audits and verifications can help detect these issues early.
  • Insider Threats – Both disgruntled employees and negligent external contractors pose significant risks. Whether intentional or accidental, these threats can undermine an organization’s defenses. Vigilant monitoring and strict access management are crucial for mitigating insider threats and protecting sensitive data.
  • Compliance Gaps – Non-compliance with data protection regulations such as GDPR or DORA can lead to significant financial and reputational damage. Ensuring your organization’s compliance with these regulations is vital to safeguarding data and maintaining trust.
  • AI-Enabled Deceptions – AI tools now enable cybercriminals to create persuasive fake communications, making distinguishing between real and fraudulent activity harder. Monitoring unusual login patterns, access times, and employee behavior can help spot AI-generated impostors and prevent them from gaining access to critical systems.

Building a Defense Against Phishing, Fake IT Worker Attacks, and Securing Host Access

Creating a strong defense begins with fostering employee awareness. Ongoing training ensures employees recognize phishing attempts, spot red flags, and report suspicious activity. However, awareness alone is not enough. According to Proofpoint, over 70% of employees still engage in risky behaviors, such as reusing passwords or clicking on unknown links. Organizations must go beyond training and foster a cybersecurity-first culture, one where employees take an active role in protecting company data.

Technology is just as critical in defending against these threats. Secure host access ensures that only authorized users can reach sensitive systems. Strengthening security through TLS 1.3 encryption for mainframe logins, Single Sign-On (SSO), Secure Shell (SSH) for remote access, and multi-factor authentication adds layers of protection. Centralized identity and access management (IAM) systems further reduce risk by enforcing role-based access controls, ensuring employees can only access the systems and data necessary for their jobs.

When access falls into the wrong hands – whether through phishing or insider threats – seemingly low-level employees can become gateways to devastating breaches. Regular audits and strict access controls help detect vulnerabilities before attackers can exploit them. Organizations can build a resilient defense against phishing, fake IT worker attacks, and other emerging cyber threats by combining employee education, robust access management, and advanced security technologies.

Conclusion

The growing sophistication of phishing attacks and the rise of fake IT workers requires a comprehensive, multi-layered defense strategy. Cybercriminals no longer rely solely on technical vulnerabilities; they exploit human weaknesses. As digital environments become more complex and workforces become more distributed, the opportunities for these attacks multiply.

To defend against these threats, organizations must train employees to recognize phishing attempts and invest in advanced technological defenses, such as secure host access and modern IAM solutions. In the battle against cybercrime, combining human awareness and technological fortification is paramount. Vigilance, continuous training, and stringent security protocols are not just best practices; they are imperative.

About the Author

Puneet Kohli

Puneet Kohli

President of the Application Modernization Business Unit at Rocket Software

Puneet joined Rocket Software in 2018 as the Vice President of Quality and DevOps and was promoted to the President of the Application Modernization Business Unit in 2023.

At Rocket Software, Puneet has held multiple leadership roles, leading the Quality and DevOps and Product engineering teams. He has been instrumental in standardizing Rocket Software’s Quality and DevOps toolchain.

Along with touching nearly every Rocket Software product at some point during his tenure, he also helps drive initiatives like Rocket.Build, Community Connectors, and acquisition integrations.

Before joining Rocket Software, Puneet held leadership roles at Dell EMC, RSA, and CA and spent over 10 years in the identity and access management space. Puneet serves as the president of a nonprofit board focusing on community and culture. Puneet's love for community service keeps him busy outside of Rocket Software. Puneet holds a B.S. in Computer Science from Northeastern University.

Sign up for our eNewsletters
Get the latest news and updates

Voice Your Opinion!

To join the conversation, and become an exclusive member of Security Info Watch, create an account today!