Tag Archives: email

Deepfake Recruiters and Invisible Recruiters

Why do scammers target anti-fraud experts? Because sometimes we’re dumb too.

But in this case I didn’t fall for the two deepfake recruiters who emailed me yesterday.

However, I have some concerns about the REAL recruiters that the fraudsters were impersonating.

Deepfake recruiter 1, the Senior Vice President

The first fraudster emailed me early Tuesday morning California time:

Hi John,

I hope you’re doing well. My name is Ethan [REDACTED LAST NAME SPELLED WITH AN “E”], Senior Vice President at Aerotek, a national staffing and recruiting firm.

I’m reaching out regarding a confidential, retained search for a Senior Product Marketing Leader with a real, actively operating company in the identity verification and biometrics space. Your background in product marketing, go-to-market strategy, and competitive intelligence across identity technology firms stood out strongly during our shortlist review.

This role is ideal for leaders who drive product launches, shape competitive positioning, and accelerate growth in B2B/B2G SaaS environments.

If this aligns with what you’re exploring, I’d be happy to share the full role brief.

Best regard 
Ethan [REDACTED LAST NAME SPELLED WITH AN “A”]

When a Senior Vice President can’t spell his own last name consistently, that’s a warning flag.

When said Senior Vice President emails me from ethan.aerotek.desk2@gmail.com, that’s another.

Finding the real recruiter

So because I am a Know Your Recruiter practitioner, (Adriana Linda, Kristen the guy, Amanda the guy, Randstad and Indeed people) I looked up Ethan on LinkedIn.

Turns out Ethan is a U.S. based person employed by Aerotek, with the same picture used in the Gmail account (which I guess qualifies this as a “deepfake”), but he is a Recruiter, not a Senior Vice President.

So I messaged the real Ethan on LinkedIn early Tuesday morning, reproducing the email message above and prepending it with:

Ethan, I received this from a Gmail address

Replying to the fake recruiter

Then I responded to the email from the fake Ethan:

Ethan, I have contacted you via LinkedIn. Please provide your Aerotek email address. Your client will understand.

My final comment probably went over the fake Ethan’s head, but any identity verification company would clearly understand why a candidate would insist on an Aerotek address rather than a Gmail address. Except in certain circumstances that I’ll address later.

And of course Aerotek would be very concerned about fraudsters impersonating real Aerotek employees…or so you’d think.

Back to the fake, who responded a few minutes later. Oddly enough, even though Ethan is U.S.-based, this email indicated that my reply was received in a time zone eight hours ahead of the Pacific Time Zone. Anyway, here’s the fake Ethan’s non-surprising response.

Thank you for reaching out. I’ve been experiencing some technical issues with LinkedIn this week, so I appreciate you continuing the conversation here.

This is the usual tactic employed by scammers. Stay off reputable platforms such as LinkedIn and move the conversation to another platform, in this case email. At least fake Ethan didn’t direct me to WhatsApp or Telegram.

As of Wednesday morning I left both conversations there. I didn’t reply to the fake Ethan’s latest email, and the real Ethan didn’t reply to my messsage.

And that’s a problem.

Concerns about the real recruiter

As I mentioned earlier, Aerotek obviously doesn’t want fraudsters impersonating their employees. And Aerotek employees certainly don’t want fraudsters impersonating them and lifting their facial images for fake Gmail accounts.

But the real Ethan apparently hasn’t checked his LinkedIn account in over 24 hours, and is completely unaware that a fraudster is impersonating him.

Causing damage to him and his employer.

If you’re a recruiter (or any professional) and you have a LinkedIn account, check it regularly. You don’t know what you’re missing.

But let’s move on to deepfake 2: technically not a deepfake since the fraudster only appropriated a name and not a likeness, but worrisome all the same.

Deepfake recruiter 2, the independent and invisible recruiter

The second fraudster emailed me late in the afternoon California time.

Hello John,

I hope you’re doing well.

I recently came across your background in B2B/B2G SaaS product marketing, particularly your work across identity, biometrics, and broader technology markets. Your experience driving product launches, developing go-to-market strategy, and building high-impact content and competitive intelligence frameworks really stood out.

I’m currently supporting a respected technology organization operating at the intersection of SaaS, cybersecurity, and identity, and your ability to bridge complex technical solutions with clear market positioning aligns closely with what they’re looking for.

Given your track record of both strategic thinking and execution (“ask, then act” definitely came through), I believe you could be a strong fit for this opportunity.

If you’re open to exploring, I’d be happy to share a brief overview of the role and why I feel it aligns well with your background.

Looking forward to hearing your thoughts.

Again this person emailed me from a Gmail address, consisting of the person’s name with an appended “8.”

Finding the real recruiter

So I checked out this person also, and discovered a few things.

  • This is also a real person, based in Europe. So she supposedly sent this email after midnight her time.
  • The real recruiter DOES have a Gmail address, but without the “8.” Why? Because the person is NOT employed by a huge recruiting firm such as Aerotek, but is a self-employed recruiting specialist. So it’s understandable that the real recruiter has a Gmail address. But as we will see, not advisable.
  • Her company name is her name with the word “Consulting” appended, according to her personal LinkedIn profile.

So I messaged the real recruiter with the message “Possible scam artist” and the email address (with the “8”) that sent the message.

Replying, and not replying, to the fake recruiter

About an hour later (now well after midnight European time), I received a second email from the fake recruiter that didn’t reference my reply to the first one.

Hello John,

I hope you’re doing well.

I recently came across your background in B2B/B2G SaaS product marketing, and your work across identity, biometrics, and go-to-market strategy really stood out—particularly your experience positioning complex technologies like IAM, biometrics, and AI-driven solutions.

Your track record in product launches, competitive intelligence, and building high-impact content at scale aligns closely with what we’re currently prioritizing.

I’m supporting a respected technology organization that is expanding its product marketing leadership team, and based on your experience, you could be a strong fit—especially given your depth across both public sector (B2G) and commercial (B2B) environments.

If you’re open to exploring, I’d be happy to share a brief overview of the role and why I believe it aligns well with your background.

Looking forward to hearing your thoughts.

I didn’t bother to reply to the second email from the fake recruiter, or to notify the real recruiter of the second email.

Eventually I received a reply to my first email early Wednesday morning…oddly enough, indicating that the fake was in the Pacific Time Zone, not Europe. (Note to scammers: change your computer and software settings so that your time zone matches the time zone of the person you’re impersonating.)

Here’s how the reply began:

Thank you for your message here—and I did see your note on LinkedIn as well. Apologies for the slight delay in getting back to you, I was tied up attending to a few things earlier.

Yeah, sure you saw my LinkedIn InMail.

Anyway, forget about the scammer. Let’s look at the real recruiter.

Concerns about the real recruiter

As I mentioned, the real recruiter has a personal LinkedIn profile and a Gmail address.

And that’s it.

  • I couldn’t find a LinkedIn company page for her consulting company.
  • A couldn’t find a website for her consulting company.
  • In fact, the ONLY reference I found to her consulting company was her personal LinkedIn page.

And that’s a problem.

The fact that she has no LinkedIn posts and no LinkedIn recommendations is another.

Now I’ll grant that many consultants get their business from word-of-mouth. Bredemarket certainly does.

But the only publicly-known way to contact THIS consultant is via email or LinkedIn InMail.

And as of now she hasn’t checked her InMail in over 12 hours.

What if she were to lose access to her LinkedIn account?

If you’re an independent recruiting consultant, own your own website, and don’t depend upon someone else’s social platform.

That’s one reason why Bredemarket offers several ways to reach me, most importantly the contact mechanisms available on my own website, free of the control of Microsoft, Meta, or any other company that could yank my access at the drop of a hat.

But there are others.

Bredemarket’s active platforms as of March 29, 2026.

So if you have content or other needs…such as the need to create content to publicize your recruiting consultancy…why don’t you talk to me?

When and Where Are Your Company’s Events?

Your company probably spends a lot of money exhibiting and presenting at trade shows and conferences. And you probably email your prospects and customers about your participation in these events.

But what about the people not on your mailing list?

You can do what the Biometrics Institute has done and create an events page on your website. As I write this, the Biometrics Institute’s events page lists upcoming appearances from March to June, including both in-person events and (for those of us nowhere near Sydney) online events.

How many Biometrics Institute members (and non-members) have their own events pages? One major identity firm (I won’t name it) has an events page…with no events.

But even if you don’t have a web page per se, you can email your prospects and customers as mentioned above. Another identity firm just sent me an email listing several future events, their dates, their locations, and why I would want to go to any of these events.

Do your prospects know about your upcoming events? Bredemarket can help you create a blog post, social media post, email, or even some web page content so that your prospects can see you. Let’s talk.

By the way, here are all the services Bredemarket provides.

Bredemarket services, process, and pricing.

When We Trust No One: Did Substack REALLY Say It Was Breached?

When you’ve been around long enough, zero trust is an attitude, not a technology. Which is how I reacted when I received an email from Substack yesterday and questioned whether it was REALLY from Substack.

The email

How many of you received this email yesterday?

Hello,

I’m reaching out to let you know about a security incident that resulted in the email address and phone number from your Substack account being shared without your permission.

I’m incredibly sorry this happened. We take our responsibility to protect your data and your privacy seriously, and we came up short here.

What happened. On February 3rd, we identified evidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission, including email addresses, phone numbers, and other internal metadata. This data was accessed in October 2025. Importantly, credit card numbers, passwords, and financial information were not accessed.

What we are doing. We have fixed the problem with our system that allowed this to happen. We are conducting a full investigation, and are taking steps to improve our systems and processes to prevent this type of issue from happening in the future.

What you can do. We do not have evidence that this information is being misused, but we encourage you to take extra caution with any emails or text messages you receive that may be suspicious.

This sucks. I’m sorry. We will work very hard to make sure it does not happen again.

– Chris Best, CEO of Substack

My reaction

My jaded reaction?

“Yeah, right.”

Yes, the email came from “Substack Standards & Enforcement” at security@substack.com, but such emails can be faked, and a few months ago I received an email processed by Substack’s servers that was NOT sent by the Substack account owner.

So last night I went to Substack’s own Substack account @substack to see what it said about the matter.

At the time…nothing.

As far as I was concerned, my email and phone number MAY have been breached, or maybe not. Perhaps some nefarious actor was trying to make Substack look bad.

So I forgot about it.

The article

This morning I revisited the issue to see if any reputable organizations had written about it. Not finding a Washington Post article, I turned to TechCrunch. (I’ve been reading TechCrunch since the Arrington days.)

Newsletter platform Substack has confirmed a data breach in an email to users.

So TechCrunch relied on the same information I had. There was no indication that TechCrunch had reached out to Substack directly to confirm the authenticity of the email.

Then again, TechCrunch printed its article at 6:55 am PST, and it was still up an hour later at 8 am. If the email had been a scam, Substack would have contacted TechCrunch immediately.

So I guess the story is legit.

Three ways to inform users of a breach

The story goes well beyond Substack, since sites are breached all the time. As far as I’m concerned, the issue isn’t “if,” but “when.”

(And yes I’m looking at you, all Workday-using sites that set the app to require account creation. How will you respond when a jobseeker asks you how you will protect their data WHEN your site is breached?)

There are three ways to inform your users of a breach.

[Bitdefender] surveyed over 400 IT and security professionals who work in companies with 1,000 or more employees. Bitdefender found that 42% of IT and security professionals surveyed had been told to keep breaches confidential — i.e., to cover them up — when they should have been reported.

Perhaps even more shockingly, 29.9% of respondents admitted to actually keeping a breach confidential instead of reporting it.

  • Minimally inform them. What I’m calling the Substack method, where a breach is publicized via one easily-spoofed channel, and not on the platform itself.
  • Powerfully inform them. The KnowBe4 method, in which KnowBe4 confirmed on multiple platforms that a North Korean had successfully secured employment with the firm.

How will YOUR firm respond when you are breached?

Declutter and Focus

2025 has been a year of declutterring and focusing.

The declutterring is the hardest. I may still love that long sleeve shirt with holes in the right elbow. (Why always the right elbow? I’m left handed.) But it’s no longer good for me, and I should have gotten rid of it years ago.

Whether it’s a former friend—a great person who went silent and indifferent—or a newsletter from a company that rejected my 2023 job application and only contacted me afterwards because GDPR required it—the time has come to simplify and focus.

Now just a few hundred LinkedIn newsletters and email subscriptions to go.

And to see where I can focus now.

Are You a Marketer Who is Contributing to Identity Theft?

I still receive “snail mail” at home. And every time I look at it I get enraged.

In fact, I’m this close to opening most of the pieces of mail, removing the postage-free reply envelope, and returning it to the originator with the following message:

Thank you for contributing to rampant identity theft.

How do companies, possibly including YOUR company, contribute to identity theft? Read on.

Snail mail, a treasure trove of PII

Let me provide an example, heavily redacted, of something that I received in the (snail) mail this week. I won’t reveal the name of the company that sent this to me, other than to say that it is an automobile association that does business in America.

John Bredehoft

[HOME ADDRESS REDACTED]

John Bredehoft…

You and your spouse/partner are each eligible to apply for up to $300,000.00 of Term Life Insurance reserved for members – and with Lower Group Rates ROLLED BACK to 2018!

… SCAN THIS [QR CODE REDACTED] Takes you right to your personalized application

OR GO TO [URL REDACTED] and use this Invitation Code: [CODE REDACTED]

So that’s the first page. The second page includes a Group Term Life Insurance Application with much of the same information.

And there’s the aforementioned return envelope…with my name and address helpfully preprinted on the envelope.

What could go wrong?

Google Gemini.

Dumpster divers

Now obviously the sender hopes that I fill out the form and return it. But there is a very good chance that I will NOT respond to this request, in which case I have to do something with all these papers with personally identifiable information (PII).

Obviously I should shred it.

But what if I don’t?

And some dumpster diver rifles through my trash?

  • Perhaps the dumpster diver will just capture my name, address, and other PII and be done with it.
  • Or perhaps the dumpster diver will apply for term life insurance in my name and do who knows what.

Thanks, sender, you just exposed me to identity theft.

But there’s another possible point at which my identity can be stolen.

Mailbox diverters

What if this piece of snail mail never makes it to me?

  • Maybe someone breaks into my mailbox, steals the mail, and then steals my identity.
  • Or maybe someone breaks into a mail truck, or anywhere on the path from the sender to the recipient.

Again, I’ve been exposed to identity theft.

All because several pieces of paper are floating around with my PII on it.

Multiply that by every piece of mail sent to every person, and the PII exposure problem is enormous.

Email marketers, you’re not off the hook

Now I’m sure some of you are in a self-congratulatory mood right now.

John, don’t tarnish us with the same brush as junk mailers. We are ecologically responsible and don’t send snail mails any more. We use email, eliminating the chance of pieces of PII-laden paper floating around.

Perhaps I should break the news to you.

  • Emails are often laden with the same PII that you find in traditional snail mail, via printed text or “easy to use” web links.
  • Emails can be stolen also.
Google Gemini.

So you’re just as bad as the snail mailers.

What to do?

If you’re a marketer sending PII to your prospects and customers…

Stop it.

Don’t distribute PII all over the place.

Assume that any PII you distribute WILL be stolen.

Because it probably will.

And if you didn’t know this, it won’t make your prospects and customers happy.

Eight is Enough: Eight Reasons This Substack “Compromised Firmware” Post Sounded Like A Hack

Last night I saw a Substack post from one of my subscriptions, but I immediately distrusted the post.

The post was purportedly from Kathy Kristof from SideHusl.com. Now Kristof herself is legitimate, and her SideHusl website evaluates…well, side hustles.

But this message didn’t sound like Kathy, and my spidey sense was aroused.

First part of scam post.
Second part of scam post.

Let me count the ways.

  1. “We.” Normally if an entity suffers a breach, the entity uses its name.
  2. “Your device”…”the firmware level.” Substack posts can be viewed on a variety of devices. So this supposed breach affected all of them?
  3. “If you are receiving this email.” While Substack subscribers can receive emails of posts, they also appear on the Substack website. I happened to be on the Substack website when I saw the post. I was not reading an email.
  4. “Take immediate action…by updating your firmware.” The typical scam sense of urgency, coupled with a non-sensical request (see 2).
  5. “The FBI has been notified.” Such a report should probably go to a different agency.
  6. “support@trezor.io.” Trezor is a legitimate company that secures crypto assets…which has nothing to do with SideHusl or Substack. And by the way…
  7. “Substack” (not). In the same way that the post does not explicitly mention SideHusl, it doesn’t explicitly mention Substack either.
  8. “Access Dashboard button.” The reader is asked to click this button, supposedly to update their firmware (see 2).

My immediate reaction?

“I ain’t clicking that Access Dashboard button.”

My note restacking the scam post.

And:

“Suspicious message, purportedly from Kathy Kristof at Sidehusl.com, asking you to click a button.

“No way.”

Independent note with screenshots of the original scam post.

Be careful out there.

Why Do We Trust SMS?

I hate to use the overused t word (trust), but in this case it’s justified.

“Scammers are aware that people are more likely to open and read a text message rather than an email  The open rates for text messages are more than 90% while the open rates for emails is less than 30%.  In addition, many email providers have filters that are able to identify and filter out phishing emails while the filtering capabilities on text messages is much less.  Additionally, people tend to trust text messages more than emails.  Text message also may prompt a quick response before the targeted victim can critically consider the legitimacy of the text message.”

From Scamicide, https://scamicide.com/2025/09/18/scam-of-the-day-september-19-2025-treasury-refund-text-smishing-scam/

What I can’t figure out is WHY text messages have such a high level of t[REDACTED]. Does SMS feel more personal?

When Bredemarket’s “CPA” Services Become “C_A” Services

Bredemarket hasn’t sent a mass mailing lately.

Sure, I have a template for my current mailing, but it’s adjustable for each prospect. Rather than send it to everyone at once, I bring up the template one-by-one and tweak it to each individual prospect.

I definitely had to perform some tweaking when I started mailing some particular technology prospects.

I initially learned about these prospects via Ryn Bennett in the spring of 2024. These companies provide AI-enhanced proposal response software, and all strive to make the proposal process more efficient while improving accuracy.

Back in the spring of 2024 I had reached out to many of these prospects. I created a landing page specific to them, and I also created a presentation for the group. I subsequently adjusted this presentation for more general use.

Differentiating Your Company and Your Products/Services (April 9, 2024)

And time passed.

Time waits for no one, and it won’t wait for me. Cue Mick Taylor guitar solo.

And now it’s August 2025, and I’m reaching out to these prospects again. But not all of them; one company didn’t survive to the end of 2024.

A tumbleweed on a fence.
When enterprises become dust.

But my marketing has evolved since spring 2024, and I make a big push for Bredemarket’s content-proposal-analysis service, or what I call a “CPA” service.

Bredemarket’s “CPA.”

Here’s an excerpt from my August 2025 email template.

Bredemarket has helped over 20 firms solve the content problem:

  • Compelling content creation: blog posts, case studies and testimonials, LinkedIn articles and posts, white papers. I’ve established firms’ positioning in the market and attracted prospects and sales.
  • Winning proposal development: managing, writing, and editing services. I’ve won millions of dollars’ worth of proposals as a Bredemarket consultant and employee to several tech firms.
  • Actionable analysis: Marketing, product, and competitive analyses. I’ve helped firms understand their strengths and weaknesses relative to the market.

But when emailed my spring 2024 proposal firm prospects, I made one slight edit.

My “CPA” became a “C_A,” and I removed the “Winning proposal development” bullet.

Because these prospects are never going to buy proposal services from me.

Not when they have their own AI-enhanced proposal response tools for proposal responses.

But I forgot to alter the logo at the end of the emails. Whoops.

Bredemarket’s “C_A.”

But you don’t need to wait for me to email you. If you are a technology marketer that needs consulting help for content services, or analysis services…or even proposal services, set up a free meeting with Bredemarket.

Stop losing prospects! Use Bredemarket content for tech marketers