Corporate forensic investigators and background verification companies in India are reporting a significant rise in cases of location spoofing, especially among employees working hybrid models and gig economy workers. These incidents involve individuals deliberately masking their true geographic location to appear as if they are working from an approved office or city.
How Employees Are Faking Their Work Location
In numerous instances flagged by companies, employees have been caught misrepresenting their actual work location. These discrepancies typically come to light during routine random audits, internal compliance checks, or reviews initiated by clients. Investigations have revealed that some individuals use specialized hardware like travel routers or similar devices. These tools are configured to route internet traffic through a cloud-based server in a pre-approved city, making it seem like the employee is logging in from their designated base location when they are actually operating from a completely different place, sometimes even a different country.
A recent example highlighted this trend. An employee at a multinational corporation was terminated after being flagged for location spoofing while on remote work. According to a Reddit post cited in reports, the employee had been with the company for a few years and travelled to his home country in South Asia due to a family emergency. To avoid raising red flags, he used a travel router set up with a cloud server to mimic his presence in the United States. The company's internal investigator interviewed him, leading to his termination for violating business conduct guidelines by hiding his true work location.
Companies Are Detecting Spoofing Through Existing Controls
Amit Rahane, a partner at EY’s forensic and integrity services, emphasized that location spoofing is a real and detected issue, not just a theoretical risk. He stated that companies are uncovering these cases through compliance audits, security reviews, and client checks, rather than via active, real-time surveillance of employees.
"Many employees underestimate how much data is captured," Rahane said. He explained that several monitoring controls, such as IP address tracking and login analytics, were introduced during the Covid-19 pandemic to address concerns like moonlighting. These systems have remained operational, and as a result, inconsistencies in location data are often identified even without targeted monitoring efforts.
Ashok Hariharan, co-founder and CEO of the identity verification platform Idfy, added another dimension, noting that companies also want to verify if gig workers physically visited a specific location, such as confirming a delivery was genuinely attempted at a customer's address. He explained that spoofing can be identified by combining IP and VPN intelligence with GPS-based checks.
Privacy Concerns Limit Active Surveillance
Despite the ability to detect these acts, most companies avoid constant active surveillance due to legitimate privacy concerns. Amit Rahane clarified that detection usually happens passively through the aforementioned audits and checks. The primary consequence for employees caught in such acts is severe, ranging from disciplinary action to immediate termination for violating trust and company policy. This trend underscores the evolving challenges of managing a distributed workforce in a digital age where technology can be used to bypass geographical work mandates.
