Companies flag location spoofing among hybrid, gig workers

BENGALURU: Background verification firms and corporate forensic teams are flagging cases of location spoofing, particularly among hybrid employees and gig workers. In several instances, employees have been pulled up after allegedly misrepresenting their actual work location, with such discrepancies surfacing during random audits, compliance checks, or client reviews. Investigations found that some used travel routers or similar devices to make it appear they were working from their designated base locations while actually operating from elsewhere.An employee at an MNC firm was terminated after being flagged for location spoofing while working remotely, according to a post shared on the social media platform Reddit. The individual said he was with the company for a couple of years and travelled to his home country in South Asia last month due to a family emergency. To avoid drawing attention, the employee said they used a travel router configured with a cloud-based server to make it appear as though they were working from the US. According to the Reddit post, the employee was subsequently interviewed by an internal investigator and was terminated for violating the company’s business conduct guidelines by masking his actual work location. Amit Rahane, partner at EY’s Forensic and Integrity Services, said location spoofing is no longer theoretical. “Companies are detecting such cases through compliance audits, security reviews, and client checks rather than active surveillance. Many employees underestimate how much data is captured. Several controls were introduced during Covid to monitor moonlighting—such as IP tracking and login analytics—and these systems remain in place. As a result, location inconsistencies are often detected even without targeted monitoring,” he said.Ashok Hariharan, cofounder and CEO of identity verification platform Idfy, said companies want to verify whether a gig worker went to a specific location—for instance, whether a delivery was genuinely attempted at a customer’s residence. “Second, there are cases where a gig worker hands over their phone to another person. To prevent this, companies rely on face-matching tools alongside location data. Third, some apps are used to mask delivery attempts. In such cases, a phone may remain stationary while the app falsely indicates that the worker travelled and attempted the delivery. Since gig workers are sometimes paid even for attempted deliveries, this creates a potential fraud risk.” Hariharan said location spoofing can be identified by combining IP and VPN intelligence with GPS-based checks. “Monitoring these geographic and temporal signals enables authorities to anticipate where financial crime is likely to emerge next and intervene proactively. The same approach, correlating IP/VPN detection with GPS validation, can also be applied to identify location spoofing across a wide range of other use cases.”Idfy’s Hariharan said the process also involves validating GPS and sensor data, detecting rogue apps manipulating location, identifying VPN usage through latency and traffic patterns, and using device biometrics and behavioural signals, much of which is data science-driven.Rahane said most companies avoid active surveillance due to privacy concerns, with detection typically occurring through security audits, compliance checks, or client reviews. Forensic teams analyse controls such as geo-fencing, two-factor authentication, attendance logs, IP geolocation, Wi-Fi SSIDs, frequent location jumps, and unusual login times during routine audits. “VPN tools have become more sophisticated, but corporate systems still capture patterns beyond just IP masking, login behaviour, device fingerprints, and usage anomalies can still expose spoofing. It’s not as foolproof as employees assume,” he added.