Anomaly Detection in Email Behavior of Employees and Contractors


October 20, 2023 / in Blog / by Zafar Khan, RPost CEO

It’s worse than we thought when it comes to funding weapons.

A few months ago, we at Tech Essentials unveiled a new AI security technology by RMail that analyzes vast amounts of ever-changing data sets to hunt for cybercriminals in real time: cybercriminals who are actively eavesdropping on email, which is a precursor to luring people into paying fake invoices or worse.

We even spoke about an alternate use of this RMail AI technology in the heyday of work-from-home: it suddenly began detecting customer employees who had a knack for morphing work-from-home into work-from-anywhere, in particular from Cancun, the Bahamas, and Cabo!

You see, this RMail AI technology looks for anomalous activities related to email as email flows back and forth and around and around: reply, reply-all, forward… One example of such anomalous activity is unexpected access to an email through an unusual VPN or network, or at least unusual relative to what would be considered “usual” for the people related to a particular email message.

Well, the FBI just broke our hearts. It is much worse than we expected.

According to the FBI and the Justice Department, thousands of North Korean IT workers posed as IT folks looking to get hired but wanting to work remotely, and U.S. companies hired them as employees and contractors all through COVID. And this army of posers secretly sent millions upon millions of dollars of the wages paid by U.S. companies to North Korea for use in North Korea’s ballistic missile program!

Yes, it’s true (or at least alleged to be by the FBI in court). 

The North Korean government dispatched thousands of skilled IT workers to live primarily in China and Russia with the goal of deceiving businesses from the U.S. and elsewhere into hiring them as freelance remote employees. The workers used various techniques to make it look like they were working in the United States, including paying Americans to use their home Wi-Fi connections. 

Hmm. How prevalent was this? Could our “Upwork” freelancers have been using fake photos and personas? We certainly suspected this sometimes… What about those relatively new staffers we’ve never met who shy away from turning their video on in meetings?

It couldn’t have been me that was duped.

Well, it probably was, according to FBI Special Agent Greenberg, who reported that any company across the U.S. and in some other countries that hired freelance IT workers “more than likely” hired someone participating in the scheme.

And yes, it can still get worse. And it does.

According to the FBI, these IT workers not only generated millions of dollars a year in wages to benefit North Korea’s weapons programs; in some instances, they also infiltrated computer networks, stole information from the companies that hired them, and maintained access for future hacking and extortion schemes.

FBI officials said the scheme is so prevalent that “at a minimum, the FBI recommends that employers take additional proactive steps …”

Well, here’s a proactive step you can take, recommended by us at Tech Essentials: use part of the technology provided by RPost, which Aragon Research named Hot Vendor of the Year.

RMail AI, with its Email Eavesdropping technology, has another great use: it can actively detect anomalies in the email habits of the people you employ and also those you contract with. In fact, considering the FBI suggests nearly every company that hired a remote worker or freelance IT staff got caught up in this at some point over the last few years, it seems that you should consider RMail AI Active Tracker™ and Email Eavesdropping™ technology new “must-haves” if you want to detect these posers before you (inadvertently) fund more weapons and, seemingly worse and closer to home, expose yourself to seeds being planted for a future hack or ransomware attack!

RMail AI runs inside Microsoft Outlook and Gmail apps and can be enabled in many ways with a few clicks. Learn more here or contact RPost.