Identity/biometrics/technology marketing and writing services
After a month, I expanded things a bit.
Bredemarket is focusing on the channels that matter:
And no, the unsubscribable Instagram is not in my current mix.
So I finally wrote my new edition of my LinkedIn newsletter The Wildebeest Speaks—“On Types of Expertise”—on March 11.
And then found a spelling error on March 12.
Now if this had been client work, I would have quietly fixed it and went on my merry way.
But I’m more transparent when I’m writing for myself.
So rather than quietly correcting the error, I publicly did so.
In addition to preserving my transparency, the episode allowed me to illustrate the difference between tactics and strategy.
When a writer misspells the word “tactical” in an article and freely admits making the error, this is a tactic…not a strategy.
March 29 update here.
At least temporarily, Bredemarket is focusing on:
I’m putting myself in the shoes of someone reading stuff on LinkedIn or Facebook.
Are “Bredemarket” and “Bredemarket Identity Firm Services” two separate entities?
No.
They overlap.
So if your specific interest is biometrics, or secure documents, or other identity factors, visit Bredemarket Identity Firm Services.
If your interests are more general (such as product marketing), visit Bredemarket.
When you’ve been around long enough, zero trust is an attitude, not a technology. Which is how I reacted when I received an email from Substack yesterday and questioned whether it was REALLY from Substack.
How many of you received this email yesterday?
Hello,
I’m reaching out to let you know about a security incident that resulted in the email address and phone number from your Substack account being shared without your permission.
I’m incredibly sorry this happened. We take our responsibility to protect your data and your privacy seriously, and we came up short here.
What happened. On February 3rd, we identified evidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission, including email addresses, phone numbers, and other internal metadata. This data was accessed in October 2025. Importantly, credit card numbers, passwords, and financial information were not accessed.
What we are doing. We have fixed the problem with our system that allowed this to happen. We are conducting a full investigation, and are taking steps to improve our systems and processes to prevent this type of issue from happening in the future.
What you can do. We do not have evidence that this information is being misused, but we encourage you to take extra caution with any emails or text messages you receive that may be suspicious.
This sucks. I’m sorry. We will work very hard to make sure it does not happen again.
– Chris Best, CEO of Substack
My jaded reaction?
“Yeah, right.”
Yes, the email came from “Substack Standards & Enforcement” at security@substack.com, but such emails can be faked, and a few months ago I received an email processed by Substack’s servers that was NOT sent by the Substack account owner.
So last night I went to Substack’s own Substack account @substack to see what it said about the matter.
At the time…nothing.
As far as I was concerned, my email and phone number MAY have been breached, or maybe not. Perhaps some nefarious actor was trying to make Substack look bad.
So I forgot about it.
This morning I revisited the issue to see if any reputable organizations had written about it. Not finding a Washington Post article, I turned to TechCrunch. (I’ve been reading TechCrunch since the Arrington days.)
Newsletter platform Substack has confirmed a data breach in an email to users.
So TechCrunch relied on the same information I had. There was no indication that TechCrunch had reached out to Substack directly to confirm the authenticity of the email.
Then again, TechCrunch printed its article at 6:55 am PST, and it was still up an hour later at 8 am. If the email had been a scam, Substack would have contacted TechCrunch immediately.
So I guess the story is legit.
The story goes well beyond Substack, since sites are breached all the time. As far as I’m concerned, the issue isn’t “if,” but “when.”
(And yes I’m looking at you, all Workday-using sites that set the app to require account creation. How will you respond when a jobseeker asks you how you will protect their data WHEN your site is breached?)
There are three ways to inform your users of a breach.
[Bitdefender] surveyed over 400 IT and security professionals who work in companies with 1,000 or more employees. Bitdefender found that 42% of IT and security professionals surveyed had been told to keep breaches confidential — i.e., to cover them up — when they should have been reported.
Perhaps even more shockingly, 29.9% of respondents admitted to actually keeping a breach confidential instead of reporting it.
How will YOUR firm respond when you are breached?
I’ve previously noted that one possible sign of a scammer is when they don’t initiate a LinkedIn connection to you, but instead want you to initiate a LinkedIn connection to them. When a scammer is scamming, they can’t blow through a few thousand connection requests every day, so it’s better if the victims initiate the connection request themselves.
I immediately thought of this when I received an email from a Gmail account to one of my odd accounts entitled “Thinking of connecting.”
Um…why not just do it?
Here’s the text with the scammer’s alleged name changed:
“I saw your profile on LinkedIn and wanted to say hello. I’m Melania.
“I’ve always been interested in learning about different professional paths. This is just a friendly intro for the start of the week—no expectations on my end.”
Obviously I didn’t respond. Because I have no idea who the Gmail account holder REALLY is.
A day later, I received a second message that included the following:
“Things are actually pretty smooth and manageable on my end as the Operations Manager at Estée Lauder, so I’ve had some extra time to catch up with my network. I’d love to hear how your side of the world is treating you whenever you have a moment.”
Again, I didn’t respond. I didn’t even ask for “Melania’s” Estee Lauder email address (again, the emails are from a Gmail account).
Then we got to day three. Remember how Melania said she had viewed my LinkedIn profile? This was the next question she asked:
“Is it snowing where you are?”
Obviously she hadn’t read anything, and I was getting bored, so I blocked her from all email addresses.
Of all the KYx acronyms (Know Your Customer, Know Your Business, etc.), two that interest LinkedIn users are Know Your Employer and Know Your Employee. How do you fight fraudulent employers and employees? And how do your prospects learn about your fraud fighting?
Read my latest article on LinkedIn in The Wildebeest Speaks: “Which is Harder: Know Your Employer, or Know Your Employee?“
I read “Scam of the Day” on Scamicide…well, daily. And the January 17 edition discussed a scam I know all too well.
“A recent development is scammers using the name of legitimate companies that are hiring and approaching their victims through LinkedIn’s direct messaging feature. They then create counterfeit websites that look like the websites of the legitimate companies they are posing as and ask the job seekers for personal information…”
And you can guess what happens with that personal information. It doesn’t land you a real job, that’s for sure.
In addition to the tips that Scamicide provides, I have an additional one. BEFORE you provide your resume, before you send them a connection request, or definitely before you engage on Telegram or WhatsApp, ask this question:
“Can you provide me with your corporate email address?”
This usually shuts scammers up very quickly.
But don’t forget that while job applicants are avoiding fraudulent employers, legitimate employers are avoiding fraudulent applicants…perhaps from North Korea.
I was messaged on LinkedIn by Jenniffer Martinez, purportedly from HS Hyosung USA. She wanted my email address to send information about a job opportunity.
Why?
“After reviewing your resume and relevant experience, we believe your management experience, professional background, and career stability are a strong match for Yaskawa Group’s current talent needs.”
(Only now did I notice the reference to Yaskawa Group, whatever it is.)
Eventually I told “Jenniffer” that I had contacted her employer directly.
By 11:30 she had deleted her entire conversation, which is why I took screen shots immediately.
And I never even got around to asking her for HER corporate email address.
No word from HS Hyosung USA, but it knows all about Jenniffer now (see final screen shot).
Know Your Employer.
2025 has been a year of declutterring and focusing.
The declutterring is the hardest. I may still love that long sleeve shirt with holes in the right elbow. (Why always the right elbow? I’m left handed.) But it’s no longer good for me, and I should have gotten rid of it years ago.
Whether it’s a former friend—a great person who went silent and indifferent—or a newsletter from a company that rejected my 2023 job application and only contacted me afterwards because GDPR required it—the time has come to simplify and focus.
Now just a few hundred LinkedIn newsletters and email subscriptions to go.
And to see where I can focus now.
Bredemarket