Masha Borak of Biometric Update is writing about FaceKom again.
I discussed Borak’s previous article on FaceKom, which noted the alleged ties between FaceKom and the Hungarian government. The whole thing is a classic example of BENEFICIAL ownership, in which someone who is not the legal owner of a company may still benefit from it.
Borak returned to the theme in the current post:
“FaceKom, the identity verification company used by the Hungarian national digital identity program, has been acquired by major local IT and telecom group, 4iG Informatikai (4iG IT). The deal is now attracting attention among media outlets and political watchers due to the companies’ relationship with Prime Minister Viktor Orbán….
“Recent 4iG’s purchases, however, have been raising questions over the company’s reported links to the Hungarian government, which has been accused by critics of enriching political allies, family, and loyalists through state resources and public contracts.”
“4iG chairman and majority investor Gellért Jászai is known for his ties to Orbán and was invited as part of his entourage to Donald Trump’s Mar-a-Lago resort after the 2024 U.S. presidential election.”
“[FaceKom’s] previous owner is Equilor Fund Management, owned by the Central European Opportunity Private Equity Fund (CEOM)….While CEOM has no direct links with Orbán, local media investigations have discovered links with companies owned by the Prime Minister’s son-in-law, István Tiborcz.”
Mere links do not necessarily indicate illegal activity, and Hungarian law may differ from laws in other countries, but FaceKom is being watched.
During this shopping season, you will be offered incredible deals if you act NOW.
But before you respond to that mysterious “secret Santa” and send that gift (or those gift cards) TODAY to receive a highly-valued gift in return…know your business.
On LinkedIn, the hashtag “#opentowork” isn’t the only magic phrase that attracts all sorts of people. I found this out Sunday morning when I reshared my September 26 “Graber Olives is in Foreclosure…But There’s a GoFundMe” post on Bredemarket’s Inland Empire LinkedIn page.
I should note this is Kelsey Graber’s GoFundMe. This is not my GoFundMe.
Anyway, I reshared the post on LinkedIn…and got all sorts of reposts…with additional commentary. The commentary was not addressed to the GoFundMe fundraiser…but to me. (The resharers probably never read my original post; they just saw the word “GoFundMe” and jumped.) I’ve redacted the redirects to WhatsApp…a common fraud scam tactic.
The scammers’ what
Foone Berkeley:
“Hi, I came across your campaign, really impressive work. It reminded me of an independent group I’ve seen quietly helping project owners connect with private contributors who genuinely want to make a difference.
I’m not part of their team, but I’ve seen them support a few people in my circle. If you’re open to exploring new sources of backing, you can reach them directly here:
📞 WhatsApp: [REDACTED]
They usually prefer to speak one-on-one with campaign owners to understand their goals and see if there’s a good fit.
Wishing you continued success, your work truly deserves attention.”
Alex Mary:
“Hello 🌸 I just read your campaign, and it truly touched me. I know how tough fundraising can be, but there are genuine people out there who want to help. A trusted charity once helped me raise over $38,000 after I’d almost given up. If you’d like, you can message them on WhatsApp 👉 [REDACTED] they might be able to guide you too. 💙”
Olivia Williams:
“If you’re looking to grow your campaign donations fast, I truly recommend reaching out to Crowd. She’s an expert in GoFundMe promotions and helped me raise over $180,000 a few months ago! he knows exactly how to attract real donors and get results. You can contact her directly here [REDACTED]”
The scammers’ how
Let’s look at the red flags common to all three:
The person is touched by the fundraising effort, but doesn’t say anything specific about them. (And doesn’t acknowledge that this is someone else’s fundraiser, not mine.)
The person resharing is not the person who can provide help. It’s always someone else: an independent group, a trusted charity, or a woman (or man?) named Crowd.
The person wants to get you off LinkedIn as soon as possible. Private email, SMS, or an encrypted service like WhatsApp or Telegram.
The scammers’ goals
So why are these people so willing to recommend helpers who can assist desperate GoFundMe fundraisers? GoFundMe itself has addressed this:
“If someone you don’t know is reaching out to offer something that sounds too good to be true, we always recommend validating the individual before sharing any personal information. Donors and donor networks shouldn’t expect anything from you in return for their generosity.”
Two common tactics include:
Guarantee reaching your fundraising goal in exchange for a service fee or percentage of funds raised
Make a donation if you provide personal information such as email address, phone number, or banking information
There are other tactics, but the goal is the same. Instead of helping you raise money, the “helper” wants to get money from you.
Now there are legitimate companies that assist charities in their fundraising efforts…but they can be contacted via methods other than WhatsApp.
Today’s honeypot
And now that I’ve written this warning, I’m going to conduct a little experiment.
I’m going to reshare THIS post on LinkedIn.
With quotes from the first and fourth paragraphs that include several mentions of the word “GoFundMe”…plus the additional honeypot word #opentowork. (I haven’t planted an opentowork honeypot in a while. Oh, and not that they’ll notice, but the words “fraud” and “scam” also appear.
Grok.
Let’s see what moths are attracted to the new flame.
And consider what YOU are doing to fight fraud.
Bredemarket specializes in helping anti-fraud firms market their products.
(Image sources: Gemini (still), GoFundMe, Grok (video). Only the GoFundMe is real.)
As I’ve said before, you should write a proposal that resonates with the people who read it. In marketing terms, you write for the key personas in your target audience.
But what if your target audience never reads your proposal?
“A new minister in Albania charged to handle public procurement will be impervious to bribes, threats, or attempts to curry favour. That is because Diella, as she is called, is an AI-generated bot.
“Prime Minister Edi Rama, who is about to begin his fourth term, said on Thursday that Diella, which means “sun” in Albanian, will manage and award all public tenders in which the government contracts private companies for various projects.”
Imagen 4.
The intent is to stop corruption from “gangs seeking to launder their money from trafficking drugs and weapons.”
When people evaluate proposals
But how savvy is Diella?
Let me provide a proposal evaluation example that has nothing to do with corruption, but illustrates why AI must be robust.
A couple of years before I became a proposal writer, I was a Request for Proposals (RFP) writer…sort of. A Moss Adams consultant and I assembled an RFP that required respondents to answer Yes or No to a checklist of questions.
When the consultant and I received the proposals, we selected two finalists…neither of whom responded “Yes” to every question like some submissions.
We figured that the ones who said “Yes” were just trying to get the maximum points, whether they could do the work or not.
Imagen 4.
The two finalists gave some thought to the requirements and raised legitimate concerns.
Can Diella detect corruption?
Hopefully Diella is too smart to be fooled by such shenanigans. But how can she keep the gangs out of Albania’s government procurements?
Imagen 4.
Certainly on one level Diella can conduct a Know Your Business check to ensure a bidder isn’t owned by a gang leader. But as we’ve seen before in Hungary, the beneficial owner may not be the legal owner. Can Diella detect that?
Add to this the need to detect whether the entity can actually do what it says it will do. While I appreciate that the removal of humans prevents a shady procurement official from favoring an unqualified bidder, at the same time you end up relying on a bot to evaluate the bidders’ claims to competency.
Of course this could all be a gimmick, and Diella will do nothing more than give the government the aura of scientific selection, while in reality the same procurement officers will do the same things, with the same results.
I’ve written about the fake recruiters who InMail you about a great position with their company. I shut up the fakes by requesting their corporate email address at their supposed employer. But what if LinkedIn could catch them BEFORE they ever sent that InMail to me?
“LinkedIn is looking to take on scammers who falsely present themselves as recruiters or company representatives in the app, with an expansion of its company verification option, while it’s also making workplace verification required when a member adds or updates a leadership or recruiter-related role.”
From HR Dive.
Of course, the proposed Know Your Recruiter system isn’t foolproof; nothing is. Scammers can avoid the LinkedIn verification step by simply NOT choosing a leadership or recruiter-related job title.
Imagen 4.
And as much as people like me wish that people would care about verified identities…many don’t.
If “Jones Jay” from Microsoft sends jobseekers an InMail about a wonderful position,
some will blindly respond without even looking at Jones Jay’s LinkedIn profile at all,
much less checking whether his identity and employer are verified.
But at least the attempt demonstrates that LinkedIn cares more about their real users than about the scammers who pay for Premium.
It seems that some so-called “businesses” are using an EIN as a facade for illegal activity…and insufficient identity assurance is preventing the fraudsters from being caught.
Obtaining Employer Identification Numbers to commit tax fraud
What is an EIN? In the same way that U.S. citizens have Social Security Numbers, U.S. businesses have Employer Identification Numbers. It’s not a rigorous process to get an EIN; heck, Bredemarket has one.
But maybe it needs to be a little more rigorous, according to TIGTA.
“EINs are targeted and used by unscrupulous individuals to commit fraud. In July 2021, we reported that there were hundreds of potentially fraudulent claims for employer tax credits….Further, in April 2024, our Office of Investigations announced that it helped prevent $3.5 billion from potentially being paid to fraudsters. Our special agents identified a scheme where individuals obtained an EIN for the sole purpose of filing business tax returns to improperly claim pandemic-related tax credits.”
Yes, that’s $3.5 billion with a B. That’s a lot of fraud.
Perhaps the pandemic has come and gone, but the temptation to file fraudulent business tax returns with an improperly-obtained EIN continues.
Facade.
Enter the Identity Assurance Level
So how does the Internal Revenue Service (IRS) gatekeep the assignment of EINs?
By specifying an Identity Assurance Level (IAL) before assigning an EIN.
Specifically, Identity Assurance Level 1.
“In December 2024, the IRS completed the annual reassessment of the Mod IEIN system. The IRS rated the identity proofing and authentication requirements at Level 1 (the same level as the initial assessment in January 2020).”
IAL1 doesn’t “assure” anything…except continued tax fraud
If you’ve read the Bredemarket blog or other biometric publications, you know that IAL1 is, if I may use a technical term, a “nothingburger.” The National Institute of Standards and Technology (NIST) says this about IAL1:
“There is no requirement to link the applicant to a specific real-life identity. Any attributes provided in conjunction with the subject’s activities are self-asserted or should be treated as self-asserted (including attributes a CSP asserts to an RP). Self-asserted attributes are neither validated nor verified.”
If that isn’t a shady way to identity a business, I don’t know what is.
But I agree with TIGTA’s assertion that Identity Assurance Level 2, with actual evidence of the real-world identity, should be the minimum.
Does your firm offer an IAL2/IAL3 product?
And if your identity/biometric firm offers a product that conforms to IAL2 or IAL3, and you need assistance creating product marketing content, talk to Bredemarket.
Bredemarket 