An infrastructure company in US recently found out that one of its employees had outsourced his job to China. The employee outsourcing scam incident came to light after the security team of the company conducted an audit suspecting a security threat in its VPN logs. This led to further investigations and it came to light that the employee had the same scam going on in a number of companies.
Although outsourcing is quite common in the west, US employees who outsource their own jobs is certainly a first. Now every employer will have to worry about the employee outsourcing scam.
Nowadays, with outsourcing becoming the order of the day, it’s not only the employers but also US employees who are empowered to outsource their jobs. An employee working in a US infrastructure firm has allegedly outsourced his work to a Chinese company. The employee reportedly outsourced his 9 to 5 hour job and spent his time leisurely surfing the net.
The employee in his 40s spent all his working hours, five days a week, watching videos in YouTube, browsing Reddit and eBay. It is said that the employee paid only a fifth of his six digit salary to outsource his job.
The issue went public when the company appointed its security team Verizon, to carry out an audit suspecting a security split on the company’s Virtual Private Network (VPN). The audit team traced the breach to Shenyang, China, the employee’s workstation. It was further unraveled that the employee had been actually outsourcing his job for the past couple of months.
It was deliberated that this employee was able to outsource his job easily since the company had given its employees the option of working from home, a few days in a month. The company had set up a VPN concentrator 2 years back to enable a better telecommuting oriented workforce.
In an attempt to solve the security breach, it was even suspected that this could be some malware from China targeting the confidential information of the company. Later, it was noted that PDF files from the Shenyang contractor which had invoices sent by him was also found on the employee’s computer.
The employee did not have to face the problem of authentication as the contractor had the employee’s RSA (security) sent by him. This enabled the Chinese contractor to log-in on the employee’s name during a work day.
The security team of the company, Verizon went further with its investigations to find out that the employee had the same scam going on in a number of companies. This in turn, allowed him to earn several hundred dollars in a month. The employee paid the Chinese consulting firm about $50,000 (Rs. 27,080,000/-approx) annually, which is just one fifth of his salary. Needless to say, it was only a matter of time before the employee was sacked.
The case may be resolved for now but brings to light the many lapses that exist in the country’s system that allows such breaches of security among US employees.
Creativity of people lead to employee outsourcing scam. But it doesn’t work long term.