This nail salon worker pulled off ₹8 crore scam with 13 IT jobs

In an age where remote work has become a way of life, one man managed to turn it into a cover for an international fraud. Hired by over a dozen tech firms, he was paid nearly a million dollars– without ever writing a single line of code.
At first glance, Minh Phuong Ngoc Vong seemed like any other remote IT professional. But federal authorities say he was at the center of a sophisticated scheme that helped suspected North Korean operatives secretly work inside U.S.-based companies– and possibly even access sensitive government systems.
Multiple jobs, zero experience
As quoted by Moneycontrol, Fortune reported that between 2021 and 2024, Vong allegedly held remote IT positions at 13 different companies across the U.S., earning nearly $970,000 for roles he wasn’t qualified to perform, because he wasn’t the one actually doing the work.
According to the report, the software tasks assigned to Vong were actually being carried out by foreign developers believed to be working on behalf of the North Korean regime. They accessed company systems using Vong’s credentials while operating from overseas, often through China.
A fake resume built for fraud

To get hired, Vong allegedly used fake resumes that presented him as a senior software engineer with over a decade of experience and a degree from a U.S. university. Some resumes even falsely claimed he had government-level security clearance.
In reality, Vong had no background in software. He worked at a nail salon and had no formal qualifications in tech– yet he managed to get past multiple rounds of interviews and background checks at major firms.
A gaming app contact that led to an international operation
According to the report, authorities say the scam began when Vong was contacted by a person using the name “William James” through a mobile game chat. This individual offered him a chance to earn money by applying for remote IT jobs and handing over system access once hired.
As Fortune reported, investigators believe “James” is a North Korean national who coordinated with Vong to build fake job applications, bypass hiring processes, and route earnings back to the regime. Vong’s devices and online accounts were then used by developers working from China to gain real-time access to U.S. networks.
One mismatched screenshot raised the alarm

According to the report, the fraud came to light when one employer noticed something unusual. A visual identity check during the hiring process revealed inconsistencies between screenshots of Vong from different interview stages. This prompted internal verification, and when the ID didn’t match the earlier interviews, the case was flagged. That single red flag led to a broader federal investigation, uncovering the entire operation.
Serious national security concerns
Some of the companies Vong worked for were subcontractors on government-linked projects, including ones tied to the Federal Aviation Administration. This has raised alarms about the risk of unauthorized access to critical systems.
As per the report, federal officials believe this scheme is part of a broader strategy by North Korea to secretly place its citizens into overseas tech jobs, not only to generate revenue for the state, but potentially to extract sensitive information.

Remote work, real threats
This case is a significant reminder of how remote hiring can be exploited if proper checks aren’t in place. As more companies continue to hire globally, cybersecurity experts are urging tighter protocols, especially when employees have access to confidential or government-related data.