OSINT, LinkedIn Fraud, and the Blind Endorsement

Let’s start with me before we get to him. Only so you know the next five minutes of reading will be worthwhile. Please know I am as imperfect as any other human, and am certain that I have done the acts that I encourage everyone not to do. I believe we learn best by teaching, so I'm teaching myself and inviting everyone else to listen in.

Oh, and a quick note that may seem awkward in the rich formatting of social networks: even though I am well-versed in fair use and copyright laws, including digital uses, I am not going to present any images because to do so would be a bit hypocritical. You’ll see why.

I am a retired law enforcement officer from a metropolitan county agency in the Rocky Mountains. I retired following a spinal injury, and pursued my doctoral education during my healing process. Eventually, I healed and grew stronger. But I never lost my law enforcement skills, which included OSINT and investigative skepticism developed over nearly two decades on fugitive operations, counter-drug investigations, and management of the same.

As I have worked on updating my LinkedIn profile seeking to return to what I refer to as “a post atop the wall” standing between the innocent and those who would do them harm, I have been contacted on multiple occasions by individuals purporting to be in positions of authority seeking my tactical and investigative expertise for their allegedly-righteous businesses. My adventures on LinkedIn have not only reminded me how much fun it is to silently confront fraudsters with their ineptitudes, but it has also shone a light on what I consider to be a risky series of practices: connecting with strangers (I can still lump that into expanding networks) and then endorsing these complete strangers for skills that one may not know them to have. My part in this foible has been my willingness to connect, yet I have long resisted the urge to endorse until such time that I can actually stand tall, toe the proverbial line, and state that I know this person to be competent at such-and-such skill.

Sharing my experiences is intended to be a voice of warning that I have otherwise not come across. This deep “Thou Shalt Not” voice may be out there somewhere, but I have not come across it. I doubt I am the first to warn, “Thou Shalt Not Endorse Blindly.” But maybe I’m at least the most recent. And the risk of this practice is the very endangerment of not merely the endorser’s reputation, but also the trust of those who later rely to any degree on such endorsements, whether they be employers, applicants, or simply connections.

To that end, I will limit outing the specific perpetrators in the two most recent cases this last week. I have shared my findings with LinkedIn security in one case, and in another, with the investigative section of a global company that was being impersonated. I do so because I have great faith in the cyber-investigative efforts of both organizations. Though I know cybercrime is impossible to prevent wholly, I also have participated in countless investigations where something as simple as the stereotypical email from my dead Nigerian uncle opened broader doors that actually led to arrests for often-unrelated offenses. So I opt not to compromise those hoped-for investigations. However, if anyone reading this is concerned that they may have been similarly phished by these bogus profiles, feel free to contact me directly. Moreover, there is the slim chance that these simply involve poor business practices and an obvious lack of PR representation.

In the first instance, I received a network add from a CEO of a global energy company. It’s not the first CEO I’ve connected with, and in fact this CEO was from a European country where I lived for years in my younger days. Could she have been a friend-of-a-friend from a day before LinkedIn? So I accepted the connection. Reading up on her company, I discovered they have an extensive integrity and investigations unit. I therefore reached out immediately, offering my résumé and expressing my interest not only in the position, but the location.

Strangely, this CEO quickly directed me to contact her boss at a free email account. Unusual (if I was the “boss” over a CEO of a global energy company, why wouldn’t I send an email from the company domain?), but not unheard of. While the hairs on the back of my neck were gently stretching before standing, I started “sniffing.” This “CEO” had already been endorsed by several people for her managerial skill. Yet, I could find no reference of her or her boss (there’s a short list of people higher on a food chain than a CEO!) on the company websites. No listing of either of them in financial news. No company news releases congratulating either of them on their promotions or hirings. Nothing. Yet the company had an excellent, reputable online presence, backed by information on countless unaffiliated websites.

But how had she been endorsed by so many people already? Surely she was legit, because she was being endorsed by people whose identities, positions, and résumés could be verified.

Neck hairs were done stretching. They were standing up.

So I went ahead and reached out to her “boss,” almost in curiosity, but certainly in a dare. “I dare you to outsmart me, you silly phishermen!”

Guess what? It wasn’t my dead Nigerian uncle, but it was an exceptionally philanthropic Chinese man diagnosed with a terminal disease, who simply wanted the rest of his untold riches to go to a good-hearted man like me. For just a small fee. Oh, and my benefactor left out the impending arrest and funds reversal once the first bogus check was deposited and then returned. I’m sure he simply forgot to mention that, so I inferred it.

Neck hairs were doing burpees. Done deal!

I ceased contact. I could rub it in their faces, laughing like Nelson Muntz of The Simpsons. Or, I could actually worry about someone other than my inner egoist. I could worry about the company’s reputation (something that's like gold nowadays in an electronic world that never forgets anything) and the impersonated “employees” identities (they actually had photos and names that could be real, lower-level employees but certainly were someone somewhere).

I compiled the information, constructed an email to the real security unit for the corporation, and then left it in their hands. After all, I’m not in law enforcement anymore. I lack the power of arrest and access to secured intelligence sources. Shy of an urgent life-or-death matter, my job is to be a good witness for now. Nevertheless, I gained the satisfaction of seeing the CEO’s profile vanish from LinkedIn, and the boss’s email was shut down. It’s the little things that make me smile. Well, that and precision long rifle work. But today, it was the small things.

Just a few days later, another person reached out to connect. Amidst the gamut of connections I was seeking to further my career, I accepted it. This gentleman quickly said my profile looked like one his company wanted to use to fill an OSINT position in Latin America with a realistic, albeit desirable salary. A quick perusal of his profile showed he was endorsed by dozens, maybe even hundreds of verifiable people. But hey, if you want someone to be OSINT, and your company is not ubiquitously known in the industry, expect the company to be vetted OSINT-style by the prospective employee.

The company website was under construction. Images on the front page were . . . wait for it . . . copyrighted pictures from TV shows and a well-known but now-defunct PMC. 

Neck hairs were . . . you get it. 

A site search revealed few pages on the domain. Perusing these pages revealed a fugitive section. Strangely, all off the fugitive pictures were open-domain mugshots. The company was patently unverifiable through any other website, though their claimed financial resources (wages and fugitive rewards) were substantial. They claimed to have OSINT contracts, but no such contract, RFPs, or any corroborating information about the concept - never mind the company - could be found. But, since they're an intel group, maybe they're so good that they're only on the scary Dark Web? Nope. Not there either.

But this guy was endorsed by some decently reputable names. How could that be?

So, what about the company? The webpage was “under construction,” though cache searches showed it hadn’t been updated in almost a year. Let me get this straight - the company that was going to pay very well couldn’t even afford a high school kid to update their “broken” webpage? However, they have a Twitter presence and a Facebook page.

Neck hairs were reaching, but maybe I was overreacting.

The company offered to pay in GBP, though their domain was from an Indian Ocean nation where a dollar is the currency. Their IP address was from Central Europe, registered through a little-known domain service in the Middle East (though well-known in the law enforcement community).

But the world is getting smaller and increasingly digitally blind to borders, and this guy was endorsed by people from all over the globe. So he HAS to be legit, right? Just a lazy business? So, I reached out to several of the people that had endorsed this guy for various skills, such as security, intelligence, and so forth. As yet, none can actually verify that they know this person or their company to be legit. So why endorse?

But let’s try an image search of his profile pic. Aaaaaaaannnnnnd . . . he has about a half dozen cached LinkedIn profiles with different names, industries, and yada yada yada. I love OSINT (imagine my Taylor Swift-esque hands making a heart). It also makes me worry about my children’s online presence, but that’s for another discussion!

My neck hairs were standing so tall, they were pulling on my chin whiskers!

Two of my strongest characteristics are an open mind and a willingness to be wrong and learn from it. So I have always acknowledged that there is almost never a sure thing. I will always acknowledge my cloudy comet theory. That theory, for which I would love to get a grant to study (that’s a joke), states that when all else fails, “This could be caused by the electromagnetic interference created by the alien probe that laded eons ago on a comet which is only now passing the Earth and showing us with it’s cloudy tail that includes the residues of the alien probe’s restroom chemicals.” In other words, stranger things have turned out to be legitimately caused by an unusual intersection of unforeseen coincidences. Improbable, but not impossible.

Nevertheless, I ask, “Why did this person get so many endorsements?” 

On LinkedIn, we rely on the figurative recommendations of others as to whether this person knows their stuff about skills. I’ve been blindly endorsed, and I often wondered why they would endorse me. Yep, I know my stuff, but how do they know? Would they be willing to tell someone else I know my stuff, and thereby stake their credibility on it? I hope not. Yet those endorsements can get somebody a job interview, can ratchet a company reputation upward, can lead to other connections, or could even create deeper personal and professional relationships.

I recall reading one of my professional monthly publications many years ago that spoke of tactical leadership and the need to “satisfice.” (Please, whoever wrote that, forgive my inability to give you credit. It’s a function of nothing more than being unable to locate the article and having not preserved the citation. I’m sorry!) That word is the conjunction of “satisfy” and “sacrifice,” wherein a level of certainty is sacrificed for an acceptable level of satisfaction. In the article, a 100% guarantee of casualty avoidance is often sacrificed during tactical operations in lieu of satisfying the need to resolve the situation somehow. It  means accepting risk while seeking to achieve goals. I wonder if we, as a professional community, sacrifice our integrity in recommending others in order to satisfy either the pop-ups that say “Endorse Bob for . . .” or the online socio-professional acceptance of being the new good neighbor.

All from one blind click.

Please feel free to contact me with any corrections, concerns, or questions you may have!

Josh is a retired law enforcement leader from a metropolitan Colorado agency where he was a drug expert, tactical officer, special unit leader, and instructor in multiple fields. Additionally, he is a veteran of two military branches. He served as a tactical, military, and civilian prehospital care provider. He previously was an online and on-ground professor of criminal justice and a nationally renowned law enforcement instructor. He continues to serve as an expert consultant and civilian instructor, though now seeks additional career opportunities that capitalize on his previous skills.