Tag Archives: LinkedIn

What is the Difference Between “Bredemarket Identity Firm Services” and “Bredemarket”?

I’m putting myself in the shoes of someone reading stuff on LinkedIn or Facebook.

  • At one point, the reader may encounter a reference to “Bredemarket.”
  • At another point, the reader may encounter a reference to “Bredemarket Identity Firm Services.”

Are “Bredemarket” and “Bredemarket Identity Firm Services” two separate entities?

No.

They overlap.

So if your specific interest is biometrics, or secure documents, or other identity factors, visit Bredemarket Identity Firm Services.

If your interests are more general (such as product marketing), visit Bredemarket.

When We Trust No One: Did Substack REALLY Say It Was Breached?

When you’ve been around long enough, zero trust is an attitude, not a technology. Which is how I reacted when I received an email from Substack yesterday and questioned whether it was REALLY from Substack.

The email

How many of you received this email yesterday?

Hello,

I’m reaching out to let you know about a security incident that resulted in the email address and phone number from your Substack account being shared without your permission.

I’m incredibly sorry this happened. We take our responsibility to protect your data and your privacy seriously, and we came up short here.

What happened. On February 3rd, we identified evidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission, including email addresses, phone numbers, and other internal metadata. This data was accessed in October 2025. Importantly, credit card numbers, passwords, and financial information were not accessed.

What we are doing. We have fixed the problem with our system that allowed this to happen. We are conducting a full investigation, and are taking steps to improve our systems and processes to prevent this type of issue from happening in the future.

What you can do. We do not have evidence that this information is being misused, but we encourage you to take extra caution with any emails or text messages you receive that may be suspicious.

This sucks. I’m sorry. We will work very hard to make sure it does not happen again.

– Chris Best, CEO of Substack

My reaction

My jaded reaction?

“Yeah, right.”

Yes, the email came from “Substack Standards & Enforcement” at security@substack.com, but such emails can be faked, and a few months ago I received an email processed by Substack’s servers that was NOT sent by the Substack account owner.

So last night I went to Substack’s own Substack account @substack to see what it said about the matter.

At the time…nothing.

As far as I was concerned, my email and phone number MAY have been breached, or maybe not. Perhaps some nefarious actor was trying to make Substack look bad.

So I forgot about it.

The article

This morning I revisited the issue to see if any reputable organizations had written about it. Not finding a Washington Post article, I turned to TechCrunch. (I’ve been reading TechCrunch since the Arrington days.)

Newsletter platform Substack has confirmed a data breach in an email to users.

So TechCrunch relied on the same information I had. There was no indication that TechCrunch had reached out to Substack directly to confirm the authenticity of the email.

Then again, TechCrunch printed its article at 6:55 am PST, and it was still up an hour later at 8 am. If the email had been a scam, Substack would have contacted TechCrunch immediately.

So I guess the story is legit.

Three ways to inform users of a breach

The story goes well beyond Substack, since sites are breached all the time. As far as I’m concerned, the issue isn’t “if,” but “when.”

(And yes I’m looking at you, all Workday-using sites that set the app to require account creation. How will you respond when a jobseeker asks you how you will protect their data WHEN your site is breached?)

There are three ways to inform your users of a breach.

[Bitdefender] surveyed over 400 IT and security professionals who work in companies with 1,000 or more employees. Bitdefender found that 42% of IT and security professionals surveyed had been told to keep breaches confidential — i.e., to cover them up — when they should have been reported.

Perhaps even more shockingly, 29.9% of respondents admitted to actually keeping a breach confidential instead of reporting it.

  • Minimally inform them. What I’m calling the Substack method, where a breach is publicized via one easily-spoofed channel, and not on the platform itself.
  • Powerfully inform them. The KnowBe4 method, in which KnowBe4 confirmed on multiple platforms that a North Korean had successfully secured employment with the firm.

How will YOUR firm respond when you are breached?

And So the Scam Begins

I’ve previously noted that one possible sign of a scammer is when they don’t initiate a LinkedIn connection to you, but instead want you to initiate a LinkedIn connection to them. When a scammer is scamming, they can’t blow through a few thousand connection requests every day, so it’s better if the victims initiate the connection request themselves.

I immediately thought of this when I received an email from a Gmail account to one of my odd accounts entitled “Thinking of connecting.”

Um…why not just do it?

Here’s the text with the scammer’s alleged name changed:

“I saw your profile on LinkedIn and wanted to say hello. I’m Melania.

“I’ve always been interested in learning about different professional paths. This is just a friendly intro for the start of the week—no expectations on my end.”

Obviously I didn’t respond. Because I have no idea who the Gmail account holder REALLY is.

A day later, I received a second message that included the following:

“Things are actually pretty smooth and manageable on my end as the Operations Manager at Estée Lauder, so I’ve had some extra time to catch up with my network. I’d love to hear how your side of the world is treating you whenever you have a moment.”

Again, I didn’t respond. I didn’t even ask for “Melania’s” Estee Lauder email address (again, the emails are from a Gmail account).

Then we got to day three. Remember how Melania said she had viewed my LinkedIn profile? This was the next question she asked:

“Is it snowing where you are?”

Obviously she hadn’t read anything, and I was getting bored, so I blocked her from all email addresses.

Which is Harder: Know Your Employer, or Know Your Employee?

Of all the KYx acronyms (Know Your Customer, Know Your Business, etc.), two that interest LinkedIn users are Know Your Employer and Know Your Employee. How do you fight fraudulent employers and employees? And how do your prospects learn about your fraud fighting?

Read my latest article on LinkedIn in The Wildebeest Speaks: “Which is Harder: Know Your Employer, or Know Your Employee?

Google Gemini.

I Know This “Scam of the Day”: LinkedIn Employment Scams

I read “Scam of the Day” on Scamicide…well, daily. And the January 17 edition discussed a scam I know all too well.

“A recent development is scammers using the name of legitimate companies that are hiring and approaching their victims through LinkedIn’s direct messaging feature.  They then create counterfeit websites that look like the websites of the legitimate companies they are posing as and ask the job seekers for personal information…”

And you can guess what happens with that personal information. It doesn’t land you a real job, that’s for sure.

In addition to the tips that Scamicide provides, I have an additional one. BEFORE you provide your resume, before you send them a connection request, or definitely before you engage on Telegram or WhatsApp, ask this question:

“Can you provide me with your corporate email address?”

This usually shuts scammers up very quickly.

But don’t forget that while job applicants are avoiding fraudulent employers, legitimate employers are avoiding fraudulent applicants…perhaps from North Korea.

The Latest Know Your Employer Case

I was messaged on LinkedIn by Jenniffer Martinez, purportedly from HS Hyosung USA. She wanted my email address to send information about a job opportunity.

Why? 

“After reviewing your resume and relevant experience, we believe your management experience, professional background, and career stability are a strong match for Yaskawa Group’s current talent needs.”

(Only now did I notice the reference to Yaskawa Group, whatever it is.)

Eventually I told “Jenniffer” that I had contacted her employer directly.

By 11:30 she had deleted her entire conversation, which is why I took screen shots immediately.

And I never even got around to asking her for HER corporate email address.

No word from HS Hyosung USA, but it knows all about Jenniffer now (see final screen shot).

Know Your Employer.

Jenniffer, 1 of 3.
Jenniffer, 2 of 3.
Jenniffer, 3 of 3.
Jenniffer’s purported company.

Declutter and Focus

2025 has been a year of declutterring and focusing.

The declutterring is the hardest. I may still love that long sleeve shirt with holes in the right elbow. (Why always the right elbow? I’m left handed.) But it’s no longer good for me, and I should have gotten rid of it years ago.

Whether it’s a former friend—a great person who went silent and indifferent—or a newsletter from a company that rejected my 2023 job application and only contacted me afterwards because GDPR required it—the time has come to simplify and focus.

Now just a few hundred LinkedIn newsletters and email subscriptions to go.

And to see where I can focus now.

Why I Despise the Steps to Success

Sometimes I think that half of the people writing on Substack are telling people how to write on Substack. So they can in turn tell people how to write on Substack.

But the people promoting Substack success are nothing compared to the ones promoting LinkedIn success.

Bredemarket currently manages four LinkedIn pages, and recently received a notification from LinkedIn that someone commented on one of Bredemarket’s LinkedIn posts, and why haven’t I engaged with the commenter?

Then I went to the post and read the comment.

“Are we ready for better identification systems? Let’s explore potential solutions. 🔑 #Innovation”

LinkedIn.

Frankly, that comment sounded…formulaic. And I had a hunch that the commenter had left similar comments on other posts.

I was right.

LinkedIn.

Obviously the well-meaning commenter had read some advice on How To Maximize Your LinkedIn Profile Reach With Text, An Emoji, And A Hashtag. And frankly, it doesn’t matter whether the comments were self-written or bot-written. Either way, they’re ineffective.

I was going to have Bredebot write a response to the comment for me, but in the end I didn’t bother.

Avoid rote steps to success. Be yourself.

And yes, I will probably post this to the same LinkedIn page, in case the commenter revisits.

GoFundMe? No, GoFund ME! Fraud Scams Targeting Fundraisers

On LinkedIn, the hashtag “#opentowork” isn’t the only magic phrase that attracts all sorts of people. I found this out Sunday morning when I reshared my September 26 “Graber Olives is in Foreclosure…But There’s a GoFundMe” post on Bredemarket’s Inland Empire LinkedIn page. 

You will recall that the post detailed Kelsey Graber’s fundraising efforts to keep the Graber Olive House from foreclosure. As of October 19 the GoFundMe fundraiser is still active at the https://www.gofundme.com/f/dont-let-ontario-lose-its-oldest-landmark URL.

Save Graber Olive House GoFundMe.

I should note this is Kelsey Graber’s GoFundMe. This is not my GoFundMe. 

Anyway, I reshared the post on LinkedIn…and got all sorts of reposts…with additional commentary. The commentary was not addressed to the GoFundMe fundraiser…but to me. (The resharers probably never read my original post; they just saw the word “GoFundMe” and jumped.) I’ve redacted the redirects to WhatsApp…a common fraud scam tactic.

The scammers’ what

Foone Berkeley:

“Hi, I came across your campaign, really impressive work. It reminded me of an independent group I’ve seen quietly helping project owners connect with private contributors who genuinely want to make a difference.

I’m not part of their team, but I’ve seen them support a few people in my circle. If you’re open to exploring new sources of backing, you can reach them directly here:

📞 WhatsApp: [REDACTED]

They usually prefer to speak one-on-one with campaign owners to understand their goals and see if there’s a good fit.

Wishing you continued success, your work truly deserves attention.”

Alex Mary:

“Hello 🌸 I just read your campaign, and it truly touched me. I know how tough fundraising can be, but there are genuine people out there who want to help. A trusted charity once helped me raise over $38,000 after I’d almost given up. If you’d like, you can message them on WhatsApp 👉 [REDACTED] they might be able to guide you too. 💙”

Olivia Williams:

“If you’re looking to grow your campaign donations fast, I truly recommend reaching out to Crowd. She’s an expert in GoFundMe promotions and helped me raise over $180,000 a few months ago! he knows exactly how to attract real donors and get results. You can contact her directly here [REDACTED]”

The scammers’ how

Let’s look at the red flags common to all three:

  • The person is touched by the fundraising effort, but doesn’t say anything specific about them. (And doesn’t acknowledge that this is someone else’s fundraiser, not mine.)
  • The person resharing is not the person who can provide help. It’s always someone else: an independent group, a trusted charity, or a woman (or man?) named Crowd.
  • The person wants to get you off LinkedIn as soon as possible. Private email, SMS, or an encrypted service like WhatsApp or Telegram.

The scammers’ goals

So why are these people so willing to recommend helpers who can assist desperate GoFundMe fundraisers? GoFundMe itself has addressed this:

“If someone you don’t know is reaching out to offer something that sounds too good to be true, we always recommend validating the individual before sharing any personal information. Donors and donor networks shouldn’t expect anything from you in return for their generosity.”

Two common tactics include:

  • Guarantee reaching your fundraising goal in exchange for a service fee or percentage of funds raised
  • Make a donation if you provide personal information such as email address, phone number, or banking information

There are other tactics, but the goal is the same. Instead of helping you raise money, the “helper” wants to get money from you.

Now there are legitimate companies that assist charities in their fundraising efforts…but they can be contacted via methods other than WhatsApp.

Today’s honeypot 

And now that I’ve written this warning, I’m going to conduct a little experiment.

I’m going to reshare THIS post on LinkedIn.

With quotes from the first and fourth paragraphs that include several mentions of the word “GoFundMe”…plus the additional honeypot word #opentowork. (I haven’t planted an opentowork honeypot in a while. Oh, and not that they’ll notice, but the words “fraud” and “scam” also appear.

Grok.

Let’s see what moths are attracted to the new flame.

And consider what YOU are doing to fight fraud.

Bredemarket specializes in helping anti-fraud firms market their products.

(Image sources: Gemini (still), GoFundMe, Grok (video). Only the GoFundMe is real.)