That Email Offering to Split a Developer Salary? It Is Federal Wire Fraud.

An unsolicited email arrived from “Kasim Utama” with a simple proposition: he applies to US software jobs, you attend the interviews and meetings, he does the actual work, and you split the salary 60/40 or 50/50. His friends already do it. Everyone is happy.

Except this is a well-documented fraud scheme that can land you in federal prison for up to 20 years.

The Email

The message came from [email protected] – already a red flag when the sender introduces himself as “Kasim Utama.” The pitch:

He is a developer in Asia with 10+ years of experience
He cannot get a US work visa
He wants a US-based developer to be the “face” – attend interviews, join team meetings
He does the project development and maintains communication with teammates “as needed”
He updates your profile, applies to jobs daily, manages interview schedules
He will even help you pass technical interviews
Split is 60/40 or 50/50 – “all of them are satisfied with it”

The email is polite, reasonable-sounding, and carefully structured to make fraud feel like a business partnership. That is the point.

What This Actually Is

This is proxy employment fraud – a scheme where a US-based “front person” gets hired by a company while an undisclosed overseas developer does the actual work. The company never knows the real developer exists. The front person collects the salary and splits it with the overseas worker.

The scheme has been documented extensively:

Ask a Manager covered it in 2023 as “this company will pay you to be a fake hire” – hundreds of readers confirmed receiving similar pitches
Vadim Kravcenko wrote a detailed analysis titled “Interviews as a Service” documenting how the scheme operates at scale
Hacker News threads with thousands of comments dissect the mechanics and legal exposure
Recorded Future documented North Korean IT operatives infiltrating Fortune 500 companies using this exact model
The World Economic Forum reported on it in December 2025 as a global threat to businesses

This is not a niche scam. It is an industry. And it is growing – 23% of companies encountered proxy interview fraud in 2023, and the problem has accelerated since.

The Red Flags in This Email

Mismatched identity. “Kasim Utama” sending from [email protected]. The sender name and email belong to different people. This is either a stolen account, a throwaway, or someone cycling through identities.

Unsolicited cold outreach proposing illegal activity. No legitimate business partnership starts with a stranger emailing you a fraud scheme. The casual tone is designed to normalize what is, by statute, a federal crime.

“My friends already do this.” Social proof pressure. Classic manipulation – if others are doing it and they are satisfied, it must be fine. It is not fine. It is wire fraud.

“No need to share credentials or sensitive information.” This line exists because the sender knows the target will worry about being scammed themselves. But the real risk is not that Kasim steals your credentials – it is that you commit multiple federal crimes by participating.

60/40 or 50/50 split. The financial hook. At a typical US software developer salary of $150,000-200,000, a 50/50 split means $75,000-100,000 per year for attending some meetings. Sounds easy. Federal prison for wire fraud is up to 20 years per count. Every paycheck deposited is a separate count.

Your Legal Exposure If You Participate

This is not a gray area. Participating in this scheme exposes you to serious federal criminal charges:

Wire fraud (18 U.S.C. 1343) – up to 20 years imprisonment and $1 million fine per count. Every paycheck deposited, every Zoom meeting attended under false pretenses, every email sent to the employer misrepresenting who is doing the work – each is a separate count of wire fraud.

Identity fraud (18 U.S.C. 1028) – up to 15 years imprisonment. Representing someone else’s work as your own to an employer constitutes identity fraud.

Computer fraud (18 U.S.C. 1030) – providing unauthorized access to employer systems and codebases to an undisclosed third party. The overseas developer would be accessing your employer’s repositories, internal tools, customer data, and proprietary systems without authorization.

Tax fraud – misrepresenting income, splitting payments to an undisclosed overseas party without reporting the arrangement.

Data breach liability – you are personally liable for any data breach or IP theft committed by the overseas developer who has access to your employer’s systems through your credentials.

In May 2024, a Nashville man was arrested for facilitating exactly this type of proxy employment arrangement for North Korean workers. The DOJ is actively prosecuting these cases.

The North Korea Connection

This scheme is not just about developers trying to earn more. Recorded Future and the FBI have documented that North Korean state-sponsored operatives use this exact model to infiltrate Western companies. US-based fronts – sometimes willing, sometimes unknowing – get hired at Fortune 500 companies while the actual work is performed by teams in North Korea or allied countries. The salary funds the regime.

You cannot know who is actually behind “Kasim Utama.” The email could be from an independent developer in Southeast Asia. It could be from an organized fraud ring. It could be connected to a state-sponsored operation. The legal consequences are the same regardless.

Beyond the Legal Risk

Even setting aside prison time, participating destroys your professional reputation:

Background checks – future employers run them. A fraud conviction ends your career.
Security clearances – gone. Any government or defense contractor work is permanently off the table.
Professional licenses – if you hold any, they get revoked.
Civil liability – the defrauded employer can sue you for damages, including the full salary paid plus legal costs.
Immigration consequences – if you ever need to sponsor a visa for someone else, a fraud conviction makes it nearly impossible.

What to Do With This Email

Delete it. Do not reply, do not engage, do not try to “investigate” by responding.

Report it. Forward the email to the FBI’s Internet Crime Complaint Center (IC3) at ic3.gov. Include the full email headers – they contain routing information that helps investigators track the sender.

Block the sender. In Gmail: open the email, click the three dots, select “Block [email protected].”

Check your email exposure. The sender got your email address from somewhere – LinkedIn, a conference registration, a data breach, or scraping a public website. If your email is publicly visible on any profile, consider whether that exposure is necessary.

How He Got Your Email

The most likely sources:

LinkedIn – if your email is visible on your profile or in your contact info
GitHub – if your email is in your git commits (check with git log --format='%ae' | sort -u)
Conference attendee lists – many events share attendee info with sponsors
Data breach databases – your email may be in a breach dump (check at haveibeenpwned.com)
Website scraping – if your email appears on any public webpage
Purchased lead lists – bulk email lists sold on the gray market

These schemes operate at volume. The sender is not targeting you specifically – he is blasting this email to thousands of US-based developers hoping for a small conversion rate. You received it because your email address is on a list, not because someone researched you personally.

The Bottom Line

The email is not technically a scam in the traditional sense – the sender is not trying to steal your money or credentials. It is a recruitment pitch for a federal crime. The sender wants you to be the US-based face of a proxy employment fraud operation. The pitch is designed to make it feel like a harmless side arrangement between two developers. It is not. It is wire fraud, identity fraud, computer fraud, and potentially tax fraud – each carrying years of federal prison time.

Delete the email. Report it if you want to. Move on.

Sources: