ITSPmagazine Podcast Network

Spotting and Unmasking Fake LinkedIn Profiles to Avoid the Hidden Risks and Thwart LinkedIn Scams | A Conversation with Kris Rides | Redefining CyberSecurity with Sean Martin

Episode Summary

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin speaks with Kris Rides, founder of Tiro Security. They discuss the fascinating and somewhat unsettling topic of fake LinkedIn profiles, an issue that has become increasingly prevalent.

Episode Notes

Guest: Kris Rides, Co-Founder & Chief Executive Officer, Tiro Security [@tirosecurity]

On LinkedIn | https://www.linkedin.com/in/krisrides/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

___________________________

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin speaks with Kris Rides, founder of Tiro Security. They discuss the fascinating and somewhat unsettling topic of fake LinkedIn profiles, an issue that has become increasingly prevalent. Kris Rides, with years of experience in cybersecurity staffing and professional services, shares insights from a recent LinkedIn post that garnered significant engagement.

The discussion kicks off with Sean Martin recounting how Kris's post about a suspicious LinkedIn account with 28,000 followers caught his attention. Despite having a large number of followers, the account consistently posted irrelevant comments and lacked meaningful engagement. This anomaly prompted Kris to investigate further, leading to a broader conversation about the implications and dangers of fake profiles on professional networking sites.

One key takeaway from their conversation is the range of motivations behind creating fake profiles. Kris highlights activities ranging from promoting scams and fake job offers to phishing attempts and even cyber reconnaissance. Fake accounts might seek to gather personal information through seemingly legitimate contact requests or endorsements, which could then be used for nefarious purposes. Kris explains that fake profiles often masquerade as legitimate individuals or companies, which makes them hard to identify at a glance. He recounts instances where endorsements were used as a tool by these profiles to build credibility. In one case, a fake profile had numerous endorsements from a marketing tool, unbeknownst to the people doing the endorsing. This exploitation of LinkedIn's features underscores the complexity of detecting inauthentic activities.

The episode also touches on the sophisticated techniques used to enhance the legitimacy of fake profiles. Kris shares how these profiles sometimes share resumes and job offers to build trust within the LinkedIn community. Sean and Kris debate the ultimate end-goals of these activities, including using amassed information for large-scale phishing or vishing campaigns, perpetrating job offer scams, and scraping data for fraudulent purposes.

For professionals and companies, the conversation provides crucial advice: maintaining vigilance and conducting regular checks on connections and endorsements can help mitigate risks. Both speakers emphasize the importance of "trust but verify," suggesting that users report suspicious activities to LinkedIn and engage cautiously with unsolicited requests.

In summary, the episode explores how fake LinkedIn profiles represent a growing concern, affecting both individuals and organizations. Through their shared experiences and insights, Sean Martin and Kris Rides bring valuable awareness to this issue, encouraging proactive measures to safeguard personal and professional information in the digital age.

___________________________

Sponsors

Imperva: https://itspm.ag/imperva277117988

LevelBlue: https://itspm.ag/attcybersecurity-3jdk3

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

___________________________

Resources

Inspiring Post: https://www.linkedin.com/posts/krisrides_ive-reported-this-so-im-unsure-how-long-activity-7211061069274914817-aN43/

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: 

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring this show with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Episode Transcription

Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.

_________________________________________

Sean Martin: [00:00:00] And hello everybody, you're very welcome to a new episode of Redefining Cybersecurity here on ITSPmagazine. This is Sean Martin, your host. Or as you know, if you listen to the show, I get to cop, talk to cool people about cool things, a lot of which, uh, are triggered by things I see on, on the internet and I, I spend way too much time, I think on LinkedIn, other people on TikTok, I'm on LinkedIn all the time looking at what's going on and, uh, my good friend, Kris Rides, Kris, how are you?
 

Kris Rides: Yeah, I'm really good, Sean. Yeah, good to, good to see you and speak again. We've known each other for a long time, so it's nice to meet you. 
 

Sean Martin: I know. It's been, it's been a few days and I'm, I'm glad to have you on. And, uh, it was one of your posts that, uh, that inspired me to have a chat with you. And I think it's been way too long, so I'm excited to do this. 
 

And I think the topic is going to be fun for folks as well. Uh, looking at LinkedIn, funny enough.  
 

Kris Rides: Yeah, I'm the same as you spend way too much time on it.  
 

Sean Martin: I know, [00:01:00] I know. Serves a purpose, I guess. Serves a purpose. I'm not messing around too much. But, uh, anyway, uh, before we get into the, to the topic, uh, a few words, Kris, about, uh, who you are, what you're up to at, uh, Tiro and otherwise.
 

Kris Rides: Yeah. So, uh, Kris Rides, uh, founder of Tiro Security back in 2012 in LA, which is how me and Sean know each other. Um. Cybersecurity is a, uh, a staffing, cybersecurity staffing and professional services firm. So professional services side, we do things like pen testing, risk assessments, that sort of stuff.
 

And on the staffing side, all the usual retain, search, uh, contingency, all cybersecurity and GRC and contracts work as well as helping cybersecurity solution companies build their go to market teams. So solely focused on cybersecurity. And because of what I do, I guess is why I spend so much time on, on [00:02:00] LinkedIn. 
 

Uh, it's, I, it makes me feel like I'm working, so I don't feel less guilty about it than, than I do sort of hanging on other social media forums, which I don't tend to use much anymore. So it's how I get my fix, I guess.  
 

Sean Martin: That's right. It's the LinkedIn fix. Uh, I find that it, it isn't just scrolling. I actually stop and look at something and look at comments and see what's going on. 
 

Which, which is another reason that, uh, this, this struck me because, uh, I'll set the stage a little bit here. So basically you did a post that, that said, here's a profile, something's a little wacky about it. Uh, you submitted it as a, as a potential fake account to LinkedIn. And then the comments started coming in.
 

I think you asked a few questions. Uh, what is the end goal of a fake, a fake LinkedIn profile? Does it have value? Can it be [00:03:00] bought and sold? Sort of scams, da, da, da, da, da. So I think some of those were answered in the, in the, uh, in the comments, but I think it's just, it's an interesting thing because, well, just like if, if you're looking at Twitter, right, and accounts there, I don't know, do you, do you trust it?
 

Are they, are they manipulating people? What, what's the goal with, with a fake LinkedIn profile? I mean, you're not there to manipulate somebody politically or otherwise. I don't, I don't know. Maybe you are. Are you looking for a job, trying to sell a fake job? I don't know. So what, what was the premise behind posting this.
 

I'm sure that this isn't the first one you've seen. So why post? Why post now?  
 

Kris Rides: I guess I've seen a lot of them and, um, I guess this one sort of stood out. So the first thing happened was this, this LinkedIn profile commented on one of my posts, [00:04:00] but the comment didn't make much sense. So it wasn't relevant to, wasn't, didn't seem relevant to the actual post that I put out.
 

And it, and it wasn't something that read like, Oh, okay. You know, LinkedIn is a global platform. And so we have people that English isn't their first language commenting on things. And it didn't strike me that this was a, a language mismatch. It was somebody just putting a random comment on there that didn't make a whole lot of sense.
 

And so that tracked me back to take a look at this profile. And I think what stunned me was I was looking at somebody that had 28,000 followers. So this wasn't, you know, this wasn't somebody with a couple of hundred people. This wasn't something that only just been put out there. This clearly was a profile that had been on LinkedIn for a number of years and had somehow amassed all these followers and yet was posting things that didn't make a lot of sense. And so that's what, that was the first thing that kind of struck me and thought, right, let me dig a little bit deeper into it. [00:05:00]
 

Sean Martin: Yeah. And I, as you're, as you're describing it, I'm, I'm picturing, I certainly have seen, I've had requests from people and I've seen profiles that just don't look right.
 

And there's one in particular, and I'm going to, I'm going to call out Marco, my co-founder here, because there's, there's somebody that continues to comment, like anytime he posts something, Ooh, Marco, that, that sounds really interesting. How did you come up with, and then he just regurgitated, he or she or it, machine, machine regurgitates a piece of what Marco posted.
 

It's like, and Marco's like, this guy is really annoying me, and I'm like, it's probably not, it's not necessarily a guy, it was a guy's profile picture anyway. Right, yeah, of course. But um, and then there's, there's another, I don't know, part of some of the groups as well, and there's, there's one group, no matter what you do, you get three or four or [00:06:00] ten people that just replied or comment on the post and say, let's connect.
 

Maybe you do nothing in cyber and it just seems weird. So lots of funny stuff going on. So, um, so you posted this and, were you trying to get people to just recognize that, that this is happening or what was going on?
 

Kris Rides: I think what, what, what most of my posts on there drive is I love conversations and I love to hear different people's point of views.
 

And, you know, when you work from home, I miss going to the office, even a couple of days a week, I miss having some of these conversations about things. Right. And, you know, usually I might ask a few colleagues and be like, Oh, look, look at this that I've found and, but I'm not sitting there, you know, I'm not going to grab my wife. 
 

She's not on LinkedIn. She's not interested in that. Um, so it's, it's like a, just interesting to have these discussions about things that I've kind of missed, I guess. And so a lot of my posts tend to be things where I say I've seen [00:07:00] something that would spark a conversation usually, and I try and have that conversation on LinkedIn.
 

And, and I'm really interested to see people's sort of answers. So I think I put on there, you know, what were the things that I saw that kind of gave me that feeling, this doesn't seem right. Um, and then what did, what did they see? And what, and then as you mentioned, a list of questions, which were around sort of, what's the end goal for somebody like this?
 

You know, all these kind of accounts bought and sold. And I actually did, I did a little bit of digging, like actually connected with some people and had conversations with people that had recommended, um, that person. So they've endorsed them. So the person had a lot of endorsements for really random skills. 
 

Um, and of course, really random people as well. Uh, there was no rhyme or reason for the connections that they had. Um, all of the endorsements were for people that did all sorts of kind of different jobs. You'd be like, like not even works. [00:08:00] Yeah, I've looked at one person that endorsed have not on 10 different things.
 

And like was, was the only person to endorse them in one area and I looked and I was like, that person's in a different country and doing a completely different job and they don't, they've never worked in the same places. So, so what's creating this? And so it kind of sparked quite an interesting conversation and dug into some of the things I know that have been going on. 
 

Um. And I've seen people use these different tools, and I'm seeing even more common stuff nowadays, the stuff that you're talking about with Marco, lots of, you know, I get connected and have a lot of emails from people that run AI tools that are going to manage your LinkedIn are going to help build your network. 
 

And, you know, is that regurgitating? Like taking, taking, taking AI, looking at AI, looks at your post, it briefs it down and it creates a question to then post in the comments and it does it all for you. So, you know, there's all [00:09:00] this sort of stuff going on. Um, and yeah, so I've got, I've had plenty of sort of comments there that sparked conversations, things that I've seen that's going on. 
 

Uh, might be interesting. I talked about endorsements. That was one of the things that really raised some like question marks, uh, other than the, the, the picture of sort of a young ish person that looks like it's produced by AI and yet the person saying they've got 25 years experience, but they, you know, they must've started their job when they were 10, if that was the case, or they look really good. Like I need that plastic surgery. Right.
 

Sean Martin: I started when I was 10. Jeez. So you said you connected with some of the endorsers.  
 

Kris Rides: Yes. Yeah. I connected with a couple of people and I had conversations with a lady out of England and I said to her, you've endorsed this person. Like, how do you know them? And I didn't think I'd sent a few messages like that.
 

And [00:10:00] obviously a lot of people don't respond, but this person did. Um, and I had a brief sort of email conversation, um, with her and she'd said that she had used a marketing tool a few years ago and I tried to find out which one she stopped replying at that point, but basically she'd used, she'd paid for some marketing software and the kind of auto connected. 
 

And she said she never endorsed anybody. It's just something that it did. I don't know how much of that I believe, but I mean, it's quite possible that there's these things called pods, um, that were very common at least five years ago. Um, and I know that some of our competitors that have got great sort of really good followings on LinkedIn were part of pods because they started five years ago and all of a sudden that their followers went up and they read all these comments and I was like, how the hell is this happening, you know, and and when I dug into it, there were these pods of people and what you [00:11:00] would do is you join a pod and whole companies.
 

So. Like a recruitment company would have a pod for themselves, like global recruitment companies, and then they would automatically like each other's comments, like each other's posts, make comments on them. And you'd have a, they're clearly like agreements going on between that. You like my post, I like yours. 
 

And I don't know how much of it was automated. I would imagine quite a lot of it was, and so it drove up engagement, it drove up posts, it drove up followers for people really quickly. Now, I don't know how useful that was in terms of for our, you know, for our jobs, you know, I'm all about networking. I've been on LinkedIn for years and years over 10 years.
 

And, um, it's taken me that long to build the network I've got. And I know the network I'm sure there's a few people hiding in there that, um, that I, you know, that I, uh, yeah, good people like you shouldn't, I don't know so well. So [00:12:00] I'm not saying that I haven't got fake profiles in there or, but certainly I never engaged in the pod thing and the pod thing. 
 

It's kind of you can identify it because it's people from all sorts of different backgrounds that wouldn't traditionally follow you. You know, what interest have they got in cyber security? Are they even in recruitment? Are they in pen testing? If not, why are they following me? Right. And, and I could look at other people and I could see very quickly that that was what they were doing. 
 

Um, and so, yeah, it was really interesting to speak to this lady. She reported the profile. She took all their endorsements off. Said to me she's got no idea how she automatically endorsed the person for all of this stuff. Um, and I suspect she worked in marketing, so I, I suspect that she probably was trying out a tool, um, that would help build something like that. 
 

And it's insane to, to think that that stuff's going on. And I think a lot of the people that have a lot of followers are because of that. And it's not necessarily, [00:13:00] uh, fake profiles. I think fake profiles and stuff have come along a little bit more since then. Um, but certainly at that time, that's how people built their, their followings. 
 

Sean Martin: Yeah, because a lot of that way you just described isn't necessarily, she's not fake. No. We can, we can assume, right? Yeah. Um, but there's probably a lot of stuff that that profile did that wasn't authentic. Including perhaps this automated endorsement. Interesting.  
 

Kris Rides: Yeah, it's um. Now, I think, like, obviously there's a lot of benefits to having that and somebody's playing, either playing the long game or perhaps the person was called something different before. 
 

And these accounts I've learned, you know, I already thought they were being bought and sold, but I've learned through some of the comments on there that it's very common. And the more followers you've got, the more that that account is worth. Now, nobody's told me values on [00:14:00] this sort of thing, but, um, the interesting one with this one was what I could tell is that 28,000 followers and they would post something and they would get two, two likes on it and no comments.
 

Sean Martin: Very little engagement, yeah.  
 

Kris Rides: Yeah, and with that, and you know in that kind of engagement, those followers aren't engaged. So the, the, the second thing to wonder is how many of those people on there are real people? Or, you know, I wonder, I really wonder, you know, how, how a lot of this stuff's being managed. 
 

Um, And how LinkedIn could even manage this, you know, is this a real person? Is it a company of people that, that all use this one profile for different things? Is it being used for nefarious reasons, scams, that sort of stuff? Um, or are they building it to, to, to eventually do that?  
 

Sean Martin: Yeah, I think the thing that comes to mind, I don't know, I mean, a gazillion scenarios, one can dream up, but, uh, [00:15:00] not that a tool can scrape all this information anyway, but perhaps using the followers to identify susceptible profiles, make those targets, uh, rather than those that don't accept. 
 

The, uh, the fake requests and whatnot, and there was somebody put a link, um, this isn't a promotion for trip bar, though I, though I love the guys and gals there, um, but they, they posted some, some common, uh, LinkedIn scams. So I'll quickly run down the list. They have five illegitimate contact requests, kind of what we didn't talk about that as we talked about it, but that's not what this case was. 
 

Fake job offers. I've heard, heard of that, uh, or actually you can get this job, just pay to submit your resume and that kind of stuff, phishing and whaling. [00:16:00] There's another tech support ruses. Not quite certain I have to read that one a little more and advanced fee inheritance schemes, the old, uh, I have, I have a payout for you.
 

That one still lives on as well. So, uh, I know I just tipped you off to that, uh, that particular article as well. But what are your thoughts on some of the risks? And obviously you with, with the work you do, you look at some of this stuff as well, both from a vulnerability perspective for organizations, and then also just from you're looking for people and you want to find the right people. 
 

Kris Rides: Yeah, well, I mean, a lot of times you will have some sort of contact information connected to your account and once you're connected with somebody, they've got access to that. So you might have an email or even a telephone number. Some people do. You should definitely check what you've got because when somebody connects, you [00:17:00] can be giving them that information. 
 

So certainly there's probably one of the reasons or one of the things they're looking to do is to take that information, build on it and use that. Yeah. So that, that would be common. The job scams, yeah, putting out an advert, uh, getting people to respond. Um, you know, it's work from home. You'll need a laptop and this, this, and this. 
 

Here's a website. This is where you've got to order it from. Um, okay. You're going to pay for it. And then you're going to send me the receipt and I'm going to reimburse you via PayPal or however. And it never gets reimbursed and the websites are fake websites. So we see and hear a lot of that. And actually, even sadly, recently, I was connected with somebody that's in my network. 
 

That's in security. And they sent me a message just saying, Oh, really good news. I've managed to get myself something. And so I'm going to be coming off the market, but you know, I appreciate your advice. Um, you know, I give them a bit of advice on resume stuff and they'd seen some of my posts and videos. 
 

And then they came back to me like a few days later, I just said, Oh, [00:18:00] congratulations. What are you going to be doing? And then they came back to me two days later and told me it was a scam. Um, hopefully they didn't actually fall for it by sending the money. I don't know that or not, but, um, it was exactly that, the job scam. 
 

So we do see stuff like that. Um, certainly LinkedIn, the more people you're connected with, the more people's profiles you can see. So secondary degree connections, you can actually see a lot more information. Um, and so if you don't have many connections, you see less people. So there's a definite benefit to having 28,000 followers because that allows you to then see the people that are connected with them.
 

So it could be used for plenty of scams. And the interesting thing, actually, you said, um, I had a couple of people mentioned like pen testers mentioned that they have fake profiles that they use for OSINT. So certainly it's being used, uh, and I can tell you, uh, on a recent pen test, we did, um, obviously [00:19:00] since the MGM hack and the vishing of, of, uh, help desks and things like that, we've seen an increase of not only our standard pen testing, but asking to do more phishing, vishing, smishing sort of targeted stuff.
 

And I can tell you, we, we did something for a client where, um, it is hard to scrape the data. And so, uh, we built something that would take screenshots of all of the staff that worked for the company we were pen testing for. And so we screenshotted all of the data. We then, uh, did it so it cut out LinkedIn because, uh, ChatGPT doesn't like you reading information.
 

And then we ran it and I will say we ran it with permission from the client through ChatGPT, um, all of the information was public information, um, but basically we ran it through and we got ChatGPT to build us an Excel spreadsheet. Um, and also create for them. Yeah. So we created work, didn't create a workshop, but [00:20:00] it created a whole list of people that we could then phish, um, that were down on LinkedIn as their, as their, uh, employees.
 

So, titles, job titles, everything.
 

Sean Martin: Yeah. And of course, uh, so you did that at scale. Um, I've heard stories of, uh, even not necessarily, we're kind of off the topic of fake accounts, but if you have 28,000 followers, you can do, you can do this at scale, I guess, more than some others. Um, but looking at the, looking at the profiles to understand what kind of systems they have in place and things like that.
 

And, um, so I don't know, I guess kind of bring it back to this fake account. If, if it's a fake account with a purpose. And it is using ChatGPT or something else to create conversations to find out, okay, who's in IT, [00:21:00] who's in security, who's, are they running SAP or Microsoft, or what is it? I'm going to start a conversation so I can learn more about the environment, perhaps, and target my attacks accordingly. 
 

So I've heard some of that taking place.  
 

Kris Rides: Yeah, it's certainly doing things to build trust. I mean, I also connected with somebody so that they actually shared, this account shared three resumes over the course of while it's been live. Um, and so I took a look at those resumes. I could then track back who the person was because all of their details were on there, not teleph, not telephone numbers. 
 

I can't remember their email addresses were, but I could track back who the LinkedIn was. It didn't connect to them, but it said, Hey, this is somebody that's looking. Um, you know, they're really good person at doing this. You should, so it was doing this stuff to build trust. It was helping the market. I connected with the person and the person didn't know. 
 

They didn't know them, they'd never worked with them, didn't recognize the account. And I said, Oh, do you, do you remember [00:22:00] like how they got their, your resume? And so they went back, checked and they, so they messaged them. They'd put out that they were looking and they'd messaged them to say, Hey, would you like me to share, you know, I've, I've X thousand followers. 
 

Would you like me to share your resume on there? And the person of course had said, yes, they're looking for a job. Um, and didn't realize that, you know, what they were helping potentially was a fake account, um, to build trust in our industry. Uh, and I will say the person didn't work in security and the other two people they shared didn't work in security either. 
 

So they were just sort of generally helping people, which is why I felt like it was likely, you know, a fake account. I think the actual account itself was IT and business development anyway. So it wasn't a specific cyber security one, but again, it was all about building trust and they were doing things that you would expect somebody to do.
 

Um, to do that. So yeah, it was, I thought it was fascinating. Um, and I thought there was a whole bunch of stuff when you started digging [00:23:00] in and looking into it that sent red, red flags up. Um, so yeah, it was good. It was an interesting one and it created a really good conversation, which is the bit I love the most.
 

Sean Martin: Exactly. Yeah. I was, I'm scrolling through some of the, uh, some of the comments. I think there's a nation state, uh, thing with a Dark Reading article there. Uh, let's see, yeah. Resume harvesting. That was the one we just talked about. Uh, let's see what else is here. Um,
 

Yeah, fake socials for OSINT. I think we touched on a lot of this stuff here. The, yeah, I think the other point that some folks are saying, the point that you made about the contact information and the other personal information that isn't available until you're connected. Um, oh, here's one and we didn't talk about this yet.
 

I don't think, uh, not just fake [00:24:00] people, fake companies. And the one, uh, somebody mentioned, uh, Ohio State and, uh, some of the, uh, the fake account created the Ohio State or the other way around. Um, so yeah, um, Hey, sorry, fake companies posting fake jobs as well.
 

Kris Rides: Yeah, yeah, absolutely. I mean, and you get, I'll just say you can't do anything much to control this stuff. 
 

Like, um, every now and then I'll check Tiro Security and I'll look, and there was a period of time where I had, there was a fake profile claiming to work for us. And I had a conversation with them over LinkedIn and said, Hey, um, I didn't really, I think I got a sense of humor. So like, you know, what are you going to do?
 

Right. So I connected with the person and I was like, uh, you know, I sent them to me, I should say, I didn't connect with them, which would then make it look like they really did work for us, but I sent them a message [00:25:00] and was like, Hey, have I, have I hired a new member of staff? I knew nothing about, because I'm so sorry. 
 

You know, I'm terrible. What kind of CEO doesn't know all of his staff, especially when you run a small business, right? And then the person responded back in sort of quiet, like quite a jokey way about that. And, and like, Oh yeah, you know, you've, you've spotted me. And I was like, what's your goal? Like, why are you, why, like, why, why choose us?
 

Uh, and they were like, Oh, we're just, you know, I want to show that I'm working in security and, you know, I use this account for a lot of things. I will say that I got the feeling that the person was probably using it for nefarious reasons. I didn't get the feeling like those genuine, um, not even genuine mistake, but a genuine effort of, of, of trying to do something good.
 

I felt it was probably the opposite. And I was like, well, it would be great if you, like, if you disconnected and I said, look, if you're going to choose a company, you probably want to do what everybody else does is and choose a company that's so big they don't [00:26:00] realize who's a member of staff because, you know, we're going to see it and I'm going to know you're not.
 

Um, but the interesting thing about it is, uh, I will occasionally see emails come in where somebody's taken that fake member of staff, scraped the data or taken the name, created an email. That using our email format that they think we use right and, um, and every now and then I'll see and I'll get these emails come through to names I've never seen, you know, go to junk box. 
 

I look and I'm like, who is that person? And there's trying to sell a product. I'm like, we've never, never had anybody in, you know, in 12 years, I've never had anybody that by that name has worked for us. And so like companies, it kind of establishes that they put that out. Somebody scrapes the data. And so there's a big follow through in a cycle of what's going on every time somebody does something like that, which is, I mean, it's very interesting. 
 

Um, but, you know, you never know [00:27:00] when I could get an email from somebody saying, somebody, you work for me. Thank you. Has, has ripped me off or scammed me or something like that. Right. And you know, big companies probably worry less about that, but small companies that rely on their branding and the things they do. 
 

You know, like us, you know, that would, that could, that could have a huge, huge impact, you know, and then after we address that and, and, you know, through nothing that we've done. And so, yeah, it's an interesting, uh, interesting process and it's interesting to see these things go on and I'm very upfront. I'll, I'll, I'll contact people and have conversations with them and try and find out a bit more because it's just interesting. 
 

Right. I've always got that thirst for knowledge.  
 

Sean Martin: Yep, yep. Well, I think for, for me and I, I love having these kind of conversations with you, Kris, and um, I appreciate you taking, taking the time. I'm glad you posted that. I think I want to leave folks with some ideas. I mean, the first takeaway for me here is [00:28:00] it seems like fun. 
 

I think we, at the very beginning, we joked that we spend our time here. Um, I might want to spend a little more time, not just exploring, but actually investigating stuff, right. Um, just to understand what's going on. Some of the ways that we talked about today, and I think both personally and as an organization, I think it's probably important to do that. 
 

So I don't know any, any thoughts on what people should take away from what we talked about today?  
 

Kris Rides: I think, um, I mean, we always say trust, but verify right now. It's very valid here. I think trust you got, um, because certainly for me and the more experience you've got, like, you know, just if something doesn't feel right, then it probably isn't right. 
 

So do a little bit of digging into it. Don't have to spend a huge amount of time. I think. I would love to read an article on this. I wish I would have more time. Maybe I could write a blog or something. I just don't [00:29:00] have the time to investigate, but I think something like this would be really, make a really interesting investigation, especially if you can get some of the people that's doing this to talk to you about what they're doing. 
 

Um, you know, if you can get them into engage with you and talk about that, I think that would be really interesting. I think the takeaways for me is, you know, look for the things that make you, make you think, well, this is a bit strange. And you've seen the adverts and I'm presuming most people have maybe seen some of the TV adverts out there that have this person standing next to you saying, Hey, you know, if you give me a hundred dollars now, I'm going to give you a thousand dollars later. 
 

And you wouldn't trust that person in real life. And so those adverts are great because that's absolutely exactly the same as, as what we're talking about here, right? This is online. Um, be suspicious. Um, And, and treat it like they are, you know, if they were in a room with you offering to do some of this stuff, you know, giving you a job with no interview, asking you to go and buy your own equipment, hopefully you'd be like, this is seems a bit strange. 
 

You [00:30:00] know, would I hand over a thousand dollars cash for somebody to send me some equipment and I don't even know them? Probably not. So I know they, there's a lot of stuff that builds on this, but, but trust your instincts, start looking into it and also don't be embarrassed to ask people. A lot of people in the security industry, you know, say I've got this thing going on. 
 

It's real strange. Um, and just also don't be embarrassed, like, you know, none of us are immune to this stuff. Um, at some point we'll have another conversation, but I, I mean, I, I've been scammed before, um, as a business, uh, not thankfully out of a lot, which is probably one of the things that, that made me less suspicious was that the, the end goal didn't seem to add up, like the amount of money we were scammed out of didn't add up to the amount of time it took for somebody to put into it. 
 

Um, that's a whole nother conversation we'll have at some point. Trust your gut. Um, my gut was telling me in that instance that [00:31:00] something was off. I did a little bit of digging, probably not enough, but you know, you, you, anybody can, can be impacted by this. Um, look for things in this case, 28,000 followers, but no engagement. 
 

That's strange. You know, unusual comments on things that don't make sense. They're not, they don't actually go with the post. Um, yeah. You know, pictures that seem like they're AI generated, you know, pictures that don't go with the 25 years experience that they might have, you know, all of these things are reasons why you probably should, you know, not trust and certainly dig a little bit deeper. 
 

So that's stuff I would say.  
 

Sean Martin: I love it, Kris. I love it. And I'm going to put a call out, uh, whoever's listening to this. Perhaps, uh, they have some tips and advice as well. Cause I think, I don't know. I think it kind of to your point, uh, we've all had our own experience in some way or another and [00:32:00] spotting it, responding to it. 
 

Um, how do we deal with it? I think if anybody has experience and wants to share, uh, send me a note, send Kris a note, and we'll try to pull something together again. Yeah. And if you want to come back and talk about, uh, your scam, I'd be happy to. I'd love to have you and you can share whatever you want to share there too. 
 

I think anything to help people learn would be great.  
 

Kris Rides: It's an, it's an, it's a pretty crazy story. And recently, I had somebody that wanted to practice forensics and so I said to them, here you go. I'm going to give you all this information. Go, go and go at it and because it wasn't worth the time by the amount of time it would take me to do anything about it wasn't the value of the time that had been scammed out of like the value of the money that had been scammed out and so, um, and so yeah, like somebody went and, um, done some digging on it and actually the person that had done it, tracked them down, got a name, found that they'd probably [00:33:00] done it multiple times. And no, uh, in, in America, American person running an American company, uh, shut down the companies had no criminal record and had actually passed away. So I don't know whether it's sort of out of desperation that somebody was doing this for a few years to try and get money. Knowing that they run well, or, you know, I don't know. 
 

I felt an element of sadness for somebody, you know, somebody said to me, bad things happen to bad people. And maybe that is the case, but I've also known that bad things happen to good people as well. Right. So, so, um, yeah, it was interesting one to go through. Yeah, maybe, maybe at some point I'll, we'll talk about that again and go through a bit more detail, but I have to be careful. 
 

I want to, I feel like there's probably family members that had no idea what this person was up to. And, and quite honestly, you know, I don't want to horrible. Yeah.  
 

Sean Martin: I wouldn't, I wouldn't want a names or anything anyway, but, uh, just more of the, more of the [00:34:00] experience, but when, if, and when you're ready and, uh, there's a learning to be had. 
 

We'll, uh, we'll definitely have you back on in the meantime, Kris, uh, we'll see you in Vegas.  
 

Kris Rides: Yes. Yeah. Yeah. I've got, I'm speaking at BSides Las Vegas, so I'm there Tuesday, probably there Wednesday as well. I'm going to probably hit SquadCon on Wednesday and then I'll be, I mean, obviously I live here, so I'm here all week. 
 

But yeah, lots of, lots of chance to see you and a lot of other people as well. Looking forward to it.  
 

Sean Martin: Yeah, absolutely. There's Hire Ground there at BSides as well, right? Yeah, I'll be, I'll  
 

Kris Rides: be in there. I've got a panel in there and a workshop as well. So route to CISO workshop. So people that are looking to either become a CISO, get into the industry, come on down. 
 

I've got a couple of CISOs, uh, experienced CISOs that are actually going to come and join me and help answer sort of some of those [00:35:00] questions. So I think, I think it's just me on the schedule, uh, bringing sort of my experience from a, from a recruitment point of view, but I've got some really experienced CISOs that are going to be stepping in, chatting as well. 
 

Some people that you probably know. 
 

What's that? It's a special guest. I've got Mel, Mel Reyes is coming down. And there's Ray Espinoza as well. You know, Melwell. Yeah. I mean, I'm sure he's going to be wearing an outrageous suit as he always does. Um, but yeah, and I think Ray Espinoza is going to be coming, coming down as well. Awesome. Yay, Ray. 
 

Sean Martin: Can't, can't, can't, yeah, yeah, he won, not the other. No, but, uh, super cool. Super cool. Uh, I look forward to seeing you and, uh, and hanging out and having good old chats and, uh, always, always thrilled to talk to you and thanks for everything you do for the community, uh, yes, in general, and for getting people jobs too. 
 

Kris Rides: Thank you. Thank you, mate. I [00:36:00] love it. I love being part of the community. So it's an easy, easy one to do.  
 

Sean Martin: Awesome, man. All right, Kris. Well, thanks a million. Thanks for joining me here and everybody. Thanks for listening and watching this episode. Of course, I'll put a link to the post in question, the article I referenced. 
 

Um, yeah, please do. If you have, if you're listening and have a story you want to share, um, send me a message on this post or, uh, DM me and that will make, make something fun. All right. Thanks everybody. Keep up.