Jobseekers, including myself, have endured endless debates about the pros and cons of LinkedIn’s “Open to Work” green banner. While these debates seem to have died down, there are still arguments about whether the green banner does more harm than good.
The good? Legitimate employers know that you are open to work.
The harm? Scammers, AI-powered resume writers, and other ne’er-do-wells also know that you are open to work.
Customers won’t find you unless you buy this shady service
But this is not confined to jobseekers.
Bredemarket receives an uncounted number of telephone calls, from multiple numbers, all of which begin with the same question: “Am I speaking to the business owner?”
The caller then offers a free consultation regarding your Google Business listing and your Google voice search results.
And when I bother to take the calls, they are disappointed to hear that Google yanked my Google Business listing (Google never told me why, but I assume it relates to the fact that I do not physically conduct business at my UPS Store mailing address).
And that it was the best thing for me when Google did that.
You don’t walk up to my office and request a retainer or hourly services or small projects. You contact me by various means and we talk, you in your office and me in mine. Even the local customers aren’t going to drop by, especially since my City of Ontario business license prohibits me from meeting customers at my home.
Anyway, all these cold callers are NOT part of Bredemarket’s target audience.
And the myriad of Google Business Listing advisors are just one of the types of people who have no interest in buying my services.
How to attract real prospects
So I create Bredemarket’s content to attract identity, biometric, and technology marketing professionals. Two recent examples:
I’ve decided to tweak Bredemarket’s public presentation by talking more about strategy. And although I’ve written some new strategy content recently, it’s a heck of a lot easier to repurpose some of the old content I’ve already written.
Such as my July 31, 2025 personal LinkedIn article (separate from Bredemarket’s “The Wildebeest Speaks”…which reminds me, I gotta write another one of those).
SMART: specific, measurable, attainable, relevant, and time-bound.
OKRs: Objectives and Key Results.
Putting it simply, the article talked about the myriad of things a product marketer was expected to do at one company.
Or at any company, frankly. Product marketing job descriptions are fairly interchangeable. Go-to-market. Sales enablement. Competitive analysis. Metrics. Cross-functional collaboration. If you think YOUR company’s product marketing is amazing and different…it isn’t.
The entire list of product marketing duties is a bunch of tactical moves. A brochure here, a battlecard there. It could devolve into a lot of meaningless busywork. (Says the guy who has now written over 2,000 blog posts.)
But WHY are you doing all this junk?
That’s where the strategy comes to play.
Why?
For example, why are you establishing and obtaining approval for this?
“a multi-tiered go-to-market process identifying the go-to-market tiers, the customer-facing and internal deliverables for each tier, as well as the responsible, accountable, consulted, and informed organizations for each deliverable”
Let me list three reasons:
To ensure your go-to-market efforts contain the correct deliverables for the tier. Running around like a headless chicken to guess what you need to produce is idiotic.
To make sure everybody knows what they have to do. You don’t want a go-to-market effort to tank because the VP of Product won’t approve the customer success internal deliverable.
And let’s not forget the biggest reason of all: to allow the product in your go-to-market revenue to get a ton of orders and make a ton of revenue.
Because that’s why you’re marketing products…I hope.
Ask before you act
A helpful tip: before I get into the minutiae (tip your servers, I’m here all week) of a project, I ask a lot of questions first. “Why?” is the first question, but there are more.
The seven questions I ask. One you’ve seen the movie, now read the book.
Speaking of asking, if you want to ask Bredemarket for help with your strategy and tactics for content, proposal, and analysis work, click on the Content for Tech Marketers image below and schedule a free meeting with me.
Why do scammers target anti-fraud experts? Because sometimes we’re dumb too.
But in this case I didn’t fall for the two deepfake recruiters who emailed me yesterday.
However, I have some concerns about the REAL recruiters that the fraudsters were impersonating.
Deepfake recruiter 1, the Senior Vice President
The first fraudster emailed me early Tuesday morning California time:
Hi John,
I hope you’re doing well. My name is Ethan [REDACTED LAST NAME SPELLED WITH AN “E”], Senior Vice President at Aerotek, a national staffing and recruiting firm.
I’m reaching out regarding a confidential, retained search for a Senior Product Marketing Leader with a real, actively operating company in the identity verification and biometrics space. Your background in product marketing, go-to-market strategy, and competitive intelligence across identity technology firms stood out strongly during our shortlist review.
This role is ideal for leaders who drive product launches, shape competitive positioning, and accelerate growth in B2B/B2G SaaS environments.
If this aligns with what you’re exploring, I’d be happy to share the full role brief.
Best regard Ethan [REDACTED LAST NAME SPELLED WITH AN “A”]
When a Senior Vice President can’t spell his own last name consistently, that’s a warning flag.
When said Senior Vice President emails me from ethan.aerotek.desk2@gmail.com, that’s another.
Turns out Ethan is a U.S. based person employed by Aerotek, with the same picture used in the Gmail account (which I guess qualifies this as a “deepfake”), but he is a Recruiter, not a Senior Vice President.
So I messaged the real Ethan on LinkedIn early Tuesday morning, reproducing the email message above and prepending it with:
Ethan, I received this from a Gmail address
Replying to the fake recruiter
Then I responded to the email from the fake Ethan:
Ethan, I have contacted you via LinkedIn. Please provide your Aerotek email address. Your client will understand.
My final comment probably went over the fake Ethan’s head, but any identity verification company would clearly understand why a candidate would insist on an Aerotek address rather than a Gmail address. Except in certain circumstances that I’ll address later.
And of course Aerotek would be very concerned about fraudsters impersonating real Aerotek employees…or so you’d think.
Back to the fake, who responded a few minutes later. Oddly enough, even though Ethan is U.S.-based, this email indicated that my reply was received in a time zone eight hours ahead of the Pacific Time Zone. Anyway, here’s the fake Ethan’s non-surprising response.
Thank you for reaching out. I’ve been experiencing some technical issues with LinkedIn this week, so I appreciate you continuing the conversation here.
This is the usual tactic employed by scammers. Stay off reputable platforms such as LinkedIn and move the conversation to another platform, in this case email. At least fake Ethan didn’t direct me to WhatsApp or Telegram.
As of Wednesday morning I left both conversations there. I didn’t reply to the fake Ethan’s latest email, and the real Ethan didn’t reply to my messsage.
And that’s a problem.
Concerns about the real recruiter
As I mentioned earlier, Aerotek obviously doesn’t want fraudsters impersonating their employees. And Aerotek employees certainly don’t want fraudsters impersonating them and lifting their facial images for fake Gmail accounts.
But the real Ethan apparently hasn’t checked his LinkedIn account in over 24 hours, and is completely unaware that a fraudster is impersonating him.
Causing damage to him and his employer.
If you’re a recruiter (or any professional) and you have a LinkedIn account, check it regularly. You don’t know what you’re missing.
But let’s move on to deepfake 2: technically not a deepfake since the fraudster only appropriated a name and not a likeness, but worrisome all the same.
Deepfake recruiter 2, the independent and invisible recruiter
The second fraudster emailed me late in the afternoon California time.
Hello John,
I hope you’re doing well.
I recently came across your background in B2B/B2G SaaS product marketing, particularly your work across identity, biometrics, and broader technology markets. Your experience driving product launches, developing go-to-market strategy, and building high-impact content and competitive intelligence frameworks really stood out.
I’m currently supporting a respected technology organization operating at the intersection of SaaS, cybersecurity, and identity, and your ability to bridge complex technical solutions with clear market positioning aligns closely with what they’re looking for.
Given your track record of both strategic thinking and execution (“ask, then act” definitely came through), I believe you could be a strong fit for this opportunity.
If you’re open to exploring, I’d be happy to share a brief overview of the role and why I feel it aligns well with your background.
Looking forward to hearing your thoughts.
Again this person emailed me from a Gmail address, consisting of the person’s name with an appended “8.”
Finding the real recruiter
So I checked out this person also, and discovered a few things.
This is also a real person, based in Europe. So she supposedly sent this email after midnight her time.
The real recruiter DOES have a Gmail address, but without the “8.” Why? Because the person is NOT employed by a huge recruiting firm such as Aerotek, but is a self-employed recruiting specialist. So it’s understandable that the real recruiter has a Gmail address. But as we will see, not advisable.
Her company name is her name with the word “Consulting” appended, according to her personal LinkedIn profile.
So I messaged the real recruiter with the message “Possible scam artist” and the email address (with the “8”) that sent the message.
Replying, and not replying, to the fake recruiter
About an hour later (now well after midnight European time), I received a second email from the fake recruiter that didn’t reference my reply to the first one.
Hello John,
I hope you’re doing well.
I recently came across your background in B2B/B2G SaaS product marketing, and your work across identity, biometrics, and go-to-market strategy really stood out—particularly your experience positioning complex technologies like IAM, biometrics, and AI-driven solutions.
Your track record in product launches, competitive intelligence, and building high-impact content at scale aligns closely with what we’re currently prioritizing.
I’m supporting a respected technology organization that is expanding its product marketing leadership team, and based on your experience, you could be a strong fit—especially given your depth across both public sector (B2G) and commercial (B2B) environments.
If you’re open to exploring, I’d be happy to share a brief overview of the role and why I believe it aligns well with your background.
Looking forward to hearing your thoughts.
I didn’t bother to reply to the second email from the fake recruiter, or to notify the real recruiter of the second email.
Eventually I received a reply to my first email early Wednesday morning…oddly enough, indicating that the fake was in the Pacific Time Zone, not Europe. (Note to scammers: change your computer and software settings so that your time zone matches the time zone of the person you’re impersonating.)
Here’s how the reply began:
Thank you for your message here—and I did see your note on LinkedIn as well. Apologies for the slight delay in getting back to you, I was tied up attending to a few things earlier.
Yeah, sure you saw my LinkedIn InMail.
Anyway, forget about the scammer. Let’s look at the real recruiter.
Concerns about the real recruiter
As I mentioned, the real recruiter has a personal LinkedIn profile and a Gmail address.
And that’s it.
I couldn’t find a LinkedIn company page for her consulting company.
A couldn’t find a website for her consulting company.
In fact, the ONLY reference I found to her consulting company was her personal LinkedIn page.
And that’s a problem.
The fact that she has no LinkedIn posts and no LinkedIn recommendations is another.
Now I’ll grant that many consultants get their business from word-of-mouth. Bredemarket certainly does.
But the only publicly-known way to contact THIS consultant is via email or LinkedIn InMail.
And as of now she hasn’t checked her InMail in over 12 hours.
What if she were to lose access to her LinkedIn account?
If you’re an independent recruiting consultant, own your own website, and don’t depend upon someone else’s social platform.
That’s one reason why Bredemarket offers several ways to reach me, most importantly the contact mechanisms available on my own website, free of the control of Microsoft, Meta, or any other company that could yank my access at the drop of a hat.
But there are others.
Bredemarket’s active platforms as of March 29, 2026.
So if you have content or other needs…such as the need to create content to publicize your recruiting consultancy…why don’t you talk to me?
I’m putting myself in the shoes of someone reading stuff on LinkedIn or Facebook.
At one point, the reader may encounter a reference to “Bredemarket.”
At another point, the reader may encounter a reference to “Bredemarket Identity Firm Services.”
Are “Bredemarket” and “Bredemarket Identity Firm Services” two separate entities?
No.
They overlap.
“Bredemarket” is my actual company that provides marketing and writing services (content, proposals, analysis) to identity, biometric, technology, and general business firms in California’s Inland Empire and throughout the United States.
When you’ve been around long enough, zero trust is an attitude, not a technology. Which is how I reacted when I received an email from Substack yesterday and questioned whether it was REALLY from Substack.
The email
How many of you received this email yesterday?
Hello,
I’m reaching out to let you know about a security incident that resulted in the email address and phone number from your Substack account being shared without your permission.
I’m incredibly sorry this happened. We take our responsibility to protect your data and your privacy seriously, and we came up short here.
What happened. On February 3rd, we identified evidence of a problem with our systems that allowed an unauthorized third party to access limited user data without permission, including email addresses, phone numbers, and other internal metadata. This data was accessed in October 2025. Importantly, credit card numbers, passwords, and financial information were not accessed.
What we are doing. We have fixed the problem with our system that allowed this to happen. We are conducting a full investigation, and are taking steps to improve our systems and processes to prevent this type of issue from happening in the future.
What you can do. We do not have evidence that this information is being misused, but we encourage you to take extra caution with any emails or text messages you receive that may be suspicious.
This sucks. I’m sorry. We will work very hard to make sure it does not happen again.
– Chris Best, CEO of Substack
My reaction
My jaded reaction?
“Yeah, right.”
Yes, the email came from “Substack Standards & Enforcement” at security@substack.com, but such emails can be faked, and a few months ago I received an email processed by Substack’s servers that was NOT sent by the Substack account owner.
So last night I went to Substack’s own Substack account @substack to see what it said about the matter.
At the time…nothing.
As far as I was concerned, my email and phone number MAY have been breached, or maybe not. Perhaps some nefarious actor was trying to make Substack look bad.
So I forgot about it.
The article
This morning I revisited the issue to see if any reputable organizations had written about it. Not finding a Washington Post article, I turned to TechCrunch. (I’ve been reading TechCrunch since the Arrington days.)
Newsletter platform Substack has confirmed a data breach in an email to users.
So TechCrunch relied on the same information I had. There was no indication that TechCrunch had reached out to Substack directly to confirm the authenticity of the email.
Then again, TechCrunch printed its article at 6:55 am PST, and it was still up an hour later at 8 am. If the email had been a scam, Substack would have contacted TechCrunch immediately.
So I guess the story is legit.
Three ways to inform users of a breach
The story goes well beyond Substack, since sites are breached all the time. As far as I’m concerned, the issue isn’t “if,” but “when.”
(And yes I’m looking at you, all Workday-using sites that set the app to require account creation. How will you respond when a jobseeker asks you how you will protect their data WHEN your site is breached?)
There are three ways to inform your users of a breach.
[Bitdefender] surveyed over 400 IT and security professionals who work in companies with 1,000 or more employees. Bitdefender found that 42% of IT and security professionals surveyed had been told to keep breaches confidential — i.e., to cover them up — when they should have been reported.
Perhaps even more shockingly, 29.9% of respondents admitted to actually keeping a breach confidential instead of reporting it.
Minimally inform them. What I’m calling the Substack method, where a breach is publicized via one easily-spoofed channel, and not on the platform itself.
Powerfully inform them. The KnowBe4 method, in which KnowBe4 confirmed on multiple platforms that a North Korean had successfully secured employment with the firm.
I’ve previously noted that one possible sign of a scammer is when they don’t initiate a LinkedIn connection to you, but instead want you to initiate a LinkedIn connection to them. When a scammer is scamming, they can’t blow through a few thousand connection requests every day, so it’s better if the victims initiate the connection request themselves.
I immediately thought of this when I received an email from a Gmail account to one of my odd accounts entitled “Thinking of connecting.”
Um…why not just do it?
Here’s the text with the scammer’s alleged name changed:
“I saw your profile on LinkedIn and wanted to say hello. I’m Melania.
“I’ve always been interested in learning about different professional paths. This is just a friendly intro for the start of the week—no expectations on my end.”
Obviously I didn’t respond. Because I have no idea who the Gmail account holder REALLY is.
A day later, I received a second message that included the following:
“Things are actually pretty smooth and manageable on my end as the Operations Manager at Estée Lauder, so I’ve had some extra time to catch up with my network. I’d love to hear how your side of the world is treating you whenever you have a moment.”
Again, I didn’t respond. I didn’t even ask for “Melania’s” Estee Lauder email address (again, the emails are from a Gmail account).
Then we got to day three. Remember how Melania said she had viewed my LinkedIn profile? This was the next question she asked:
“Is it snowing where you are?”
Obviously she hadn’t read anything, and I was getting bored, so I blocked her from all email addresses.
Bredemarket 