Security professionals can benefit from optimizing their LinkedIn profiles. If you have been job hunting for the last two years, you are aware of how many hiring companies are including your LinkedIn profile link in the application process. Have you ever wondered why?
LinkedIn has changed and evolved in the last few years. Today, it is not only a professional networking platform but also a place where people can find educational and valuable information (articles and posts), exchange opinions, and learn from other professionals to stay current with the latest industry trends.
According to Statista, LinkedIn is the seventh fastest growing brand across the globe in 2022.
-LinkedIn is a great place to find decision-makers. As of late 2021, the platform claims to reach more than 65 million business decision-makers, making it easier to find customers by searching for their name, position, or company.
-20% of investors say that it’s the best platform when you want to learn about a topic.
-55% of decision-makers use thought leadership to determine which organization to work with.
-Your employees are 60% more likely to engage with posts from coworkers and 14 times more likely to share your organization’s page content and news.
-LinkedIn received a total of 4.4 billion visits from April 2022 to June 2022. This works out to an average of just below 1.5 billion views per month.
-It is a great recruitment tool. As of December 2021, there are more than 180 million US workers with profiles on LinkedIn. What’s more, over 97,000 companies use it for recruitment purposes.
-According to Pew Research Center’s Social Media Use in 2021, almost a third (28%) of adults in the United States use LinkedIn.
-The platform has listed over 58 million companies and 120,000 schools.
Most importantly, your LinkedIn profile can be the foundation for your personal branding as a security professional. Less than 10 minutes a day on LinkedIn can bring more leads to you than spending hours on other social media platforms (that are not designed for professional networking) or spending thousands of dollars on social media marketing companies who do not know your industry and, therefore, do not know your target group or what they want to hear.
When I started my career in 2002, I was a female in a highly male-dominated industry, living in a country where security was at its inception and, more specifically, women in the industry were something entirely new. Through this specific platform, I managed to network and reach out to colleagues and companies in other countries where, previously, I wouldn’t have been able to make my presence known. Through the content I began putting out, I managed to brand myself and my services. Almost 25% of my work and contracts are the result of using this platform.
Many underestimate the use of LinkedIn. However, if used as intended, the platform can help you take your career to the next level. Personal branding can be a very powerful tool to make you stand out and differentiate yourself from your colleagues. People should see the value of being connected with you, and LinkedIn can help you achieve that.
Here are some simple steps that you may find helpful:
• Use a professional profile picture that follows your industry’s standards (attire and pictures that are acceptable for someone in the fitness or show biz industry may not be acceptable for someone in the legal, finance, or security industry). Profiles with photos are considered more genuine. Don’t forget your background photo; it works as the second visual element of your profile.
• Use the headline to describe yourself in a few words: what do you do, and what are the primary attributes or skills that you want people to remember you for?
• Pay attention to your profile’s summary. It is very important that you have one. This is your chance to put your words to work and describe how your skills can set you apart from others.
• Be creative with your profile summary and use words such as open-minded, problem solver, accountable, task-oriented, flexible, etc.
• List your skills, your education, and your professional experience (Please remember confidentiality and do not mention clients’ names).
• Grow your network. A major mistake I see security professionals make is limiting their network to only professionals who are within their industry. However, your network should be ANYONE who can be in contact with potential clients. Think outside of the normal: family offices, household agencies, wealth management companies, legal and financial institutions, nanny providers, etc.
• Be informed on the latest news about upcoming leaders and founders in the FinTech arena, and add them to your network. While they may not need your services today, they may tomorrow.
• List what services you offer that can boost your visibility in search results.
• Take a LinkedIn skill assessment. This usually takes the form of an online test, and statistics show that profiles with verified skills are 30% more likely to be hired.
• Request and give recommendations for your colleagues. A solid support structure is the building block of your “community.”
• Share relevant industry content, news, and research surrounding studies you are involved with, as well as other fellow professionals’ articles.
• Post articles, stories, and relevant threads that appear in publications and blogs that mention you or your company by name. By using this feature, you can draw attention as a subject matter expert.
• Follow relevant professionals in the industry. Be more active if you like their posts by liking, commenting, and sharing their content.
• Create your OWN CONTENT. We can never overstate how important this is and how helpful it can be to your personal branding. Being someone who adds his/her own thoughts, expertise, and questions will help you to be seen as a valuable connection. The more interesting and educational the content you share, the more you establish yourself and your expertise among others in the industry. And while you do that, do not forget the importance of engaging with your audience. Pay attention to their feedback and comments. Respond to them and have a professional debate regarding subjects, but never allow yourself to be drawn into an argument that is nothing more than a troll-hunting expedition. A wise person once told me, “Never engage in a mud-slinging competition…NO matter who wins or loses, you’re both covered in mud, and no one comes out looking pretty.”
If you want to distinguish yourself as a thought leader in your niche and create your brand name as a Security provider, LinkedIn should definitely be a part of your marketing strategy.
We are very happy and quite proud to announce that Nannyguards has been selected by the Leaders Network team at Meta to showcase our success story. It has been a tough road and many long hours since the very first day Nannyguards was created, and we feel extremely blessed to share our work and heartfelt passion with some amazing professionals who have since joined our team: Dr. Mary Beth Wilkas Janke (Psychology), JD Elkin (Cyber Security Awareness), Kelly Sayre (Situational Awareness) and Chris Grow.
Lately, there have been a lot of reports from colleagues regarding job scams within the security industry, with scammers posing as recruiters or hiring companies’ employees, offering a job and requiring candidates to pay fees justified as training costs, work visas, travel expenses, background checks, etc.
Keep in mind that there are many people desperate to get a job and support their families, as well as the fact that they are operating within an industry that in many countries has no standards and is not regulated by official governmental authorities. This leads to a trend of less than honest people who find an easy way to expand their fraudulent activities and rip off our colleagues.
Types of known scams used against security professionals
• Advanced Fee Fraud or 419 Fraud
In the security industry, this is a form of fraud where scammers posing as recruiters or hiring companies’ employees offer you a job and require you to pay them some of the fees associated with training, work visas, travel expenses, running background checks, etc. Typically, they offer you a very attractive job placement, with good money and great benefits. Some of them may be monitoring your online networking profiles and can “read” your work needs and offer you a package according to what they discover about you. When you put an “Open to Work” banner on your LinkedIn or a post saying you are looking for a job, be sure scammers are monitoring you. After they contact you, they start extracting your personal information from you. What they hope to obtain is your full name, bank account details, PayPal information, Social Security Number, driver’s license, and generally any other information they can use to get money from you. After they have gained your trust, they tell you that you qualify for their job, but in order to proceed, you will need to send them some money for either visa applications or criminal background checks. Some of them will require you to join and pay for one of their training courses, seminars, or conferences to be considered for hiring.
• Employment/ Career scams
Employment and career-related scams include companies trying to sell you products or services, or attempting to collect your personal information to sell to a third party who will then try to market their products/services to you.
• Career Consulting Scams
You may be contacted by “career consultants” who are impressed with your qualifications and would like to represent you. In addition, you will have to pay for their marketing, resume writing, resume reviews, or other career-related services.
• Recruiting Scams
Recruiters may contact you saying that they have clients with positions that you could be qualified for, though they don’t have any current openings. However, they then offer training sessions to purchase that will enhance your candidacy. They want to sell you their products/training but there is no guarantee of any employment.
• Bait and Switch Scams
With this scam, you apply for a job, and you get called for an interview. During the interview, you discover that the job you applied for doesn’t exist (or all positions are filled), and the company tries to draw your interest to a completely different position. “When a company is hiring for jobs that nobody wants, bad benefits, less money, or horrible working conditions, they believe they may be able to more readily convince someone to take the job if they discuss it with them in person, so they mislead you about one job until they get you in for the interview and then talk to you in person regarding the other job”.
• Phishing Scams
In this type of scam, you get an email saying a company has clients with open positions that you could be qualified for, even sending you the description of what could be a legitimate job opening: “Your online resume has recently come to my attention. I am impressed with your qualifications. A client of mine needs to fill an opening, and because of your previous experience in the executive protection industry, I believe you might be a solid match. In order to see the full job description, just click on the link below or paste it into your browser’s address bar.” Sometimes you are also given a code to enter. What’s happening is this: you are directed to a link on a website, where you fill out a form with your contact information and other personal information. This is an attempt to collect your personal information, either to sell your services or information to a third party or, even worse, you have just opened your door to a virus being downloaded to your PC. If any links are sent to you by a potential threat actor, search for them on urlscan.io. This website may indicate whether the link is malicious.
Other common scam tactics to look out for:
• Is there a sense of urgency? If yes, consider it a red flag. Legitimate companies and recruiters won’t push you to accept a job offer in an urgent manner.
• Pay attention if they are using attractive words and offering you the job of your dreams.
• Be careful if you get asked to pay for any equipment and send it to the address they require for “software installation”.
• Even if the company exists and they have a registered domain and a website up and running, you are emailing back and forth, and after some time, they ask you to pay them…stay away!
• If a recruiter asks to divert the messages to an encrypted application like WhatsApp, Skype, or Telegram, this is of concern and could be indicative of a scam.
• If you have only spoken to one person in the company over the phone and have yet to meet or view anyone face-to-face (even virtually), this could be a scam. Most interviews have several individuals present at the interview stage or in the second round of interviews.
• Scammers may primarily use phone calls and messages as a means of communication, especially if they are impersonating a CEO or recruiter online. It would be worthwhile to ask for a video chat instead, so that you can cross-reference the images online to the person you are speaking with. There has also been an increase in deepfakes used in video chats like Zoom, with a recent article recommending that you ask the individual to turn their head to the side to determine if they are using this technology to impersonate others.
“According to the FBI’s Internet Crime Complaint Center (IC3), 16,012 people reported being victims of employment scams in 2020, with losses totaling more than $59 million. In 2020, Texas reported 1,720 victims reported $4.5 million in losses. There were 69 victims in El Paso totaling $721,600 in losses. As of March 5, 2021, 2,349 victims had already reported $5 million in losses nationwide, 244 victims in the state of Texas with a loss of $1.5 million. In El Paso, there were eight victims reporting $31,928 in losses. Midland/Odessa reported 10 incidents in 2020 totaling $71,500 and zero complaints in 2021. The average reported loss was nearly $3,000 per victim, in addition to damage to the victims’ credit scores.” Read the full press release here.
How to validate a recruiter?
When you want to properly validate a recruiter or a company employee, there are some simple steps to take where you can put your open-source intelligence (OSINT) skills to the test. You can gather information on the company that they claim they represent. It will probably take you a few minutes to get the general idea by searching online public sources. Start by looking carefully at that person’s LinkedIn account because, in this day and age, almost every professional has one. Do they have any activities (comments, posts, articles), or do they have any recommendations? Does their profile look real? Note that if the recruiter has a premium LinkedIn account, that does not mean that they are not a scammer. Look through their followers/following, see if there are other individuals in that company and whether these profiles look real, because if not, that might be a red flag.
Conduct OSINT on the recruiter/individual if you have suspicions. Unfortunately, scammers use common names to make this process difficult, so look for any identifying factors you can find on their LinkedIn. For example, if George Smith from Greece is offering you a role, you can do a Boolean search on Google with the following: “George Smith” “Greece”, or “George Smith” “Company”. Look for their other social media profiles and their digital footprint. If no results show, that may be of concern.
Do a reverse image search on the profile picture. This can be done by saving/downloading the image and uploading it into a search platform. It is helpful to use different platforms, including Google, Yandex, TinEye, etc., as this can generate different results. If the image search does not provide any results, ask yourself whether the image convinces you. For example, would a woman with very provocative attire work for a professional law office or banking institution? Challenge your gut. It is also worthwhile to become familiar with deepfake images of people who don’t exist from the website thispersondoesnotexist.com, and to understand their features, as a profile image on LinkedIn could be derived from this website.
Do research on the email provided/linked with their account. Does the recruiter’s e-mail address match the name of the company? Typosquatting is a term for a social engineering attack that uses misspelled domains in email addresses, so double-check the spelling of the company. Is it a personal e-mail address? Search the email address in Google and Epieos, and see what results are found. Companies never use free email provider services like Yahoo, Gmail, etc., and such addresses are very easy to create. Say, for example, someone presents themselves to you as Mr. John Adams, recruiter of our company LeMareschal, and the e-mail he provided you was jalemareschal@yahoo.com: he is a fraud!
Additionally, when receiving an email, the sender may appear as “Amazon”, for example, but make sure to also look at the email address itself to examine the domain and email stem (e.g. John.peter4563@amazon.me). This is another known phishing tactic scammers use.
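The email checks described above (free webmail provider, misspelled domain, and display name versus actual address), as an added Python example that is not part of the original article. The function names, the short webmail list, the flag labels and the `lemareschal.example` company domain are constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: a short sample of free webmail domains; extend it for real use.
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com",
             "aol.com", "icloud.com", "proton.me"}


def edit_distance(a, b):
    """Levenshtein distance, used to spot misspelled (typosquatted) names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def check_sender(from_header, company_domain):
    """Return red flags for a From header, given the company's real domain.

    company_domain is assumed to be the registrable domain, e.g. "amazon.com".
    """
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable-address"]
    local, domain = addr.lower().rsplit("@", 1)
    company_domain = company_domain.lower()
    brand = company_domain.split(".")[0]      # "amazon" from "amazon.com"
    limit = 2 if len(brand) >= 6 else 1       # stricter for short names

    # The company's own domain, or a subdomain of it, raises no flag here.
    if domain == company_domain or domain.endswith("." + company_domain):
        return []

    flags = []
    if domain in FREE_MAIL:
        flags.append("free-mail-provider")
    # Compare every label except the TLD with the company name.
    for label in domain.split(".")[:-1]:
        d = edit_distance(label, brand)
        if d == 0 and "brand-on-other-domain" not in flags:
            flags.append("brand-on-other-domain")    # e.g. amazon.me
        elif 0 < d <= limit and "lookalike-domain" not in flags:
            flags.append("lookalike-domain")         # misspelled company name
    if brand in local:
        flags.append("brand-in-local-part")          # company name before the @
    if brand in display.lower():
        flags.append("display-name-brand-mismatch")  # shown name hides the domain
    return flags


# Constructed sample headers built around the article's two example addresses.
SAMPLES = [
    ("John Adams <jalemareschal@yahoo.com>", "lemareschal.example"),
    ("Amazon <John.peter4563@amazon.me>", "amazon.com"),
    ("HR <hr@lemareschall.example>", "lemareschal.example"),
    ("Jane <jane@careers.amazon.com>", "amazon.com"),
]

if __name__ == "__main__":
    for header, company in SAMPLES:
        print(header, "->", check_sender(header, company) or "no flags")
```

An empty result only means none of these specific checks fired; it does not confirm that the sender is genuine.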
If they give you a phone number, do some research on that too. Even a simple Boolean search may surface posts by other victims stating that they have been scammed. If you feel comfortable, call them and ask relevant, detailed questions about the role to see if they know the answers.
For OSINT beginners, OSINT FRAMEWORK can be a great place to start. It is a collection of OSINT tools to make your data and intel collection task easier and faster. The tool is used mostly by security researchers.
How to validate a company?
• Does the company exist? Where is it registered? Does the company operate in the country of your recruiter?
• Who runs the company?
• Do research on the company’s reputation on the web, forums, etc.
Some scammers will use a name for a fake company that is very similar to a real company, so when you do your research or ask around about the X investment or IT company, people will tell you it does exist. Some will go to great lengths and create an actual website and have a registered domain (in most cases, they have it under a private registration). OSINT searches of the company and deep dives into the company website can be valuable. We recommend you do the following:
• Check the domain name by placing the company website in the DomainTools Whois Lookup website. See who the registrant is, when it was last updated, and if it matches the company’s name. Is the website up and running or does it lead to an “under construction” page?
• To search for the business website IP address, place the website into VirusTotal and the details section will provide you with an IP address (a string of numbers). You can then search for the address through IP Address Lookup, and it will provide you with a location (https://whatismyipaddress.com/ip-lookup).
• Look up the company website using the Wayback Machine to see previous versions of the website. Are there notable changes to the contact details, location, names, design or the about section?
• Several companies have social media profiles. Look into the differing profiles they may have, when were these profiles last active/created? Look into the history of the profile, the spelling of posts, terminology used and if the posts correspond with your knowledge and thoughts of the company.
• Pay attention to the company name and the job they are offering. There are only a few major and well-known companies that hold ‘’good positions” especially overseas.
• Look for individuals on LinkedIn who are currently in that specific role or team, inquire about the role and ask questions. They may even reveal that they are not in the process of hiring at the moment.
• Start asking your colleagues and your network contacts if they know or they have heard anything about the company and the person who contacted you. Raise questions asking for more information about them in security-related forums and networking places, and then carefully evaluate every answer you get.
• Keep a record (Excel works fine for this) with companies you have applied to before, so if you get contacted by a company you haven’t applied to, they may be frauds, and they probably got your e-mail information from different forums or networking places. How many cases do you know where people were contacted out of the blue by the hiring companies asking them to apply for a position with them?
• If they are claiming the company operates in a foreign country, call the embassy in that country, and ask them. The consulate office registers every company originating in its own country operating overseas (especially when it comes to security and protective services).
How to run a simple and quick background check on a business?
1) Use the free web tools (search engines, http://www.ripoffreport.com/, the company’s pages on LinkedIn, Twitter, Facebook)
3) Better Business Bureau http://www.bbb.org/ (Better Business Bureau makes company information public to consumers and applies an A to F grade to each company. Their core services include business ethics, truth in advertising, fraud prevention, consumer education, business education, and dispute resolution between consumers and businesses.)
4) Start looking for an online reputation, complaints against it, credit history, and legal background. The most innovative company to provide business information is Dun and Bradstreet, which created a DUNS number–a nine-digit identification number- http://www.dnb.com/
5) Determine what industry the business falls under and conduct a search for the governing agencies.
6) Search county court records, including property tax records. Your county court has public records available to search the company and its principals if they are involved or have been involved in a lawsuit.
7) Get a business credit report and background report (available from Dun and Bradstreet, Experian, Smart Business Reports, Equifax, and Lexis Nexis, fees range per report).
8) For foreign companies you can use www.skyminder.com (which supplies online credit and business information on more than 50 million companies in 230 countries).
Sometimes when you investigate people, the information will lead you to companies, and when you investigate those companies, your information will lead you to individuals. Always compare and run information on both. Make sure you NEVER provide them with your personal information!!! If you don’t know someone or can’t check on them, do not give them any of your information!!!
What to do if you run into a job scammer?
1) Do not reply to their e-mails or texts.
2) Do not give any of your personal information.
3) Do not send any payment or buy anything for them.
4) Inform your colleagues/networking contacts about that company/contact.
If you still don’t know and need help, reach out to us!
By Denida Grow & Venessa Ninovic
Bio: Venessa Ninovic is an Intelligence Analyst working in law enforcement and has experience investigating fraudulent activity and threats online. In her spare time, she writes blogs about OSINT/SOCMINT, and intelligence analysis, sharing her knowledge to give back to the community.
You can follow Venessa’s blog here & follow her on Twitter @intel_inquirer
Parents, pay attention! “Adolescent boys are being targeted primarily on social media giants Instagram® and Snapchat® as part of an ongoing sextortion crisis, an analysis of July Cybertip.ca data by the Canadian Centre for Child Protection (C3P) shows. For the month of July 2022, Cybertip.ca has opened case files for 322 victims of sextortion: When the victim’s gender was known, 92 percent of cases involved boys or young men; Sixty‑three percent of victims reported they did not disclose the incident to a trusted person; Fifty percent of victims were under 18 years of age, 37 were 18 years or older. In 13 percent of cases, the victim’s age was unknown; When the platform used to facilitate the harm was disclosed, Instagram (42 percent) and Snapchat (38 percent) were by far the most frequently used social media environments where victims were targeted. WhatsApp® (5.6 percent), Facebook® (3.6 percent), and Apple’s iMessage® (1.2 percent) were the next closest platforms in terms of frequency.”