What do you do when you have a nice six-figure salary and are given the opportunity to work from home? Well, outsource your entire job to China of course! Okay, maybe not. But that’s what one US worker did.
Working as a software developer (in his 40s) in the United States for an unnamed US firm, he supposedly spent his work days watching YouTube videos and surfing around Reddit and eBay instead of doing any actual developing. How did he get away with it? By paying $50,000 every year — or about 1/5th of his substantial salary — to a company in Shenyang, China to do his job. As long as work was being done, no one was the wiser as to who was actually writing the code. Until recently.
The scam was discovered when the man’s employer asked Verizon to conduct an audit because they were suspecting a security breach. The company found some anomalous activity on its VPN logs and then eventually an active and open VPN connection from Shenyang to the employee’s workstation. They initially suspected malware that was being used to take confidential information from the company — until further investigations revealed hundreds of PDFs that turned out to be invoices from the Shenyang contractor. Andrew Valentine of Verizon revealed more information to the BBC:
“Authentication was no problem. He physically FedExed his RSA [security] token to China so that the third-party contractor could log-in under his credentials during the workday. It would appear that he was working an average nine-to-five work day.”
“Evidence even suggested he had the same scam going across multiple companies in the area. All told, it looked like he earned several hundred thousand dollars a year, and only had to pay the Chinese consulting firm about $50,000 (£31,270) annually.”
According to Mr. Valentine, the employee no longer worked at the company. Very clever, whoever you are Mr. Employee.
Update: This story originally stated the US employee in question worked for Verizon. That is wrong, the man did not (does not) work for Verizon. The company the man worked for is not known. Verizon did the security audit of the company.