The pseudonym "Mykola Yanchii" on LinkedIn [1] doesn't look real at all.
Click "More" button -> "About this profile", RED FLAGS ALL OVER.
-> Joined May 2025
-> Contact information Updated less than 6 months ago
-> Profile photo Updated less than 6 months ago
Funny things, this profile has the LinkedIn Verified Checkmark and was verified by Persona ?!?! -> This might be a red flag for Persona service itself as it might contain serious flaws and security vulnerabilities that Cyber criminals are relying on that checkmark to scam more people.
Basically, don't trust any profile who's been less than 1yr history even though their work history dated way back, who has Personal checkmark, that should do it.
PSA: If you are logged in to LinkedIn, then clicking on a LinkedIn profile registers your visit with the owner -- it's a great way for someone to harvest new people to target.
On another note, what's unreal about the pseudonym? It's a Ukrainian transliteration of Николай Янчий (Nikolay Yanchiy). Here's a real person with this name: https://life.ru/p/1490942
I don't think this is accurate. I believe if you go into your privacy settings, you can put yourself into a semi-private or a private mode so that your views aren't shown even when you click to view someone who is a LinkedIn Premium member. However, the big disadvantage is that when you put yourself in a private mode, if you are a non-subscribed user, you will not have access to these analytics for your own profile at all.
This is covered in this help article, especially the bullet points at the end[0].
I have premium. I can confirm this. Whatever your private browsing page shows is what I see. If you're fully private, all that registers is that someone has looked at my profile but nothing identifying, just a bump in profile views.
Seasoned accounts are a positive heuristic in many domains, not just LinkedIn. For example, I some times use web.archive.org to check a company's domain to see how far back they've been on the web. Even here on HN, young accounts (green text) are more likely to be griefing, trolling, or spreading misinformation at a higher rate than someone who has been here for years.
> Seasoned accounts are a positive heuristic in many domains, not just LinkedIn.
Yep. This is how the 3 major credit bureaus is the United States to verify your identity. Your residence history and your presences on the distributed Internet is the HARDES to fake.
I've found for the most part account age/usage is not considered at all in major online service providers.
I've straight up been told by Google, Ebay and Amazon that they do not care about account age/legitimacy/seasoning/usage at all and it is not even considered in various cases I've had with these companies.
They simply don't care about customers at all. They are only looking at various legal repercussions balanced against what makes them the most money and that is their real metric.
Ebay: Had a <30day old account make a dispute against me that I did not deliver a product that was over $200 when my account was in good standing for many years with zero disputes. Ebay told me to f-off, ebay rep said my account standing was not a consideration for judgement in the case.
Google: Corporate account in good standing for 8+ years, mid five figure monthly spending. One day locked the account for 32 days with no explanation or contact. At day 30 or so a CS rep in India told me they don't consider spending or account age in their mystery account lockout process.
Eventually, some of these companies will realize that a well-managed customer service org is a profit center and they will get an enormous amount of business. Unfortunately, they'll all keep fucking over customers until they realize that accepting life in the crab bucket is a negative-sum game.
I'm considering going back to school to write a "Google Fi 2016-2023: A Case Study in Enshittification" thesis but I'm not sure what academic discipline it fits under.
(I'll say it again for those in the back, if you're looking for ideas, there's arbitrage in service.)
Unfortunately ebay has a lock on large parts of the market and only a small number of people have been called frauds by them. I personally can't buy from you because they have decided my account is compromised, but I'm just one person and so that is a tiny number of potential customers.
Same in the UK (which is currenty a contentious issue again with Digital ID), because there is no concept of having a cryptographic signature tied to your identity in the way it is done in other EU countries.
Instead you need:
- five years of address history
- a recent utility bill or a council tax bill that has your full address
- maybe a bank statement
- passport or driving license
It just so happens that Experian, etc. have all of that, and even background checking agencies will depend on it.
Council Tax bills may be possible to fake. I received a paper one yesterday for an unknown name, someone had registered online that they were moving to my address which cancelled my own account, I guess they could have asked for a copy of the bill to be emailed to them.
I’d imagine that all of this stuff is extremely easy to fake if you’re willing to take a small risk of getting in a lot of trouble. Nobody is really “verifying” council tax bills or utility bills because there is no procedure for doing so.
> Your residence history and your presences on the distributed Internet is the HARDEST to fake.
Only if you don’t plan ahead. I can’t remember which book/movie/show it was from, but there was a character who spent decades building identities by registering for credit cards, signing up for services, signing leases, posting to social media, etc so that they could sell them in the future. Seems like it would be trivial to automate this for digital only things.
Sounds a bit like the practice of shelf companies, where people create companies, give them a basic history with the tax department, etc, purely for the purpose of selling them to people who need a company with such a history to .. hide things
That is a "valid" scam idea. However it is tricky to pull off. If anyone you sell the account to is investigated they may find you and can possibly get you on fraud even before they cannot arrest your customer. You also need to sell all these accounts - investigators look for and hang out in the places where such services are sold just so they can buy from you first and then shut you down (they don't know of all such places and eventually shut down the ones you know of). There are also suspicion that investigators are running that same plan and so nobody smart will buy because they can't be sure you are not the police.
But this is happening all the time. These accounts are sold anonymously and from countries where it is hard to find the culprit and harder to prosecute. It's the primary reason WHY companies like eBay, Amazon, and Google DON'T care about your account age or activity.
> Your residence history and your presences on the distributed Internet is the HARDES to fake.
When I was 18 with little to no credit trying to do things. Financial institutions would often hit me with security questions like this.
But, I was incredibly confused because many of the questions had no valid answer. Somehow these institutions got the idea that I was my stepmother or something and started asking me about address and vehicles she owned before I ever knew her.
Not to be rude, but... uh... did your step mom steal your identity and use it for stuff? Minors are huge targets for that sort of stuff because generally no one is checking a 10 year old's credit
10 year olds cannot legally do a lot of things. Other things they can do, but the law gets weird. Not that you are wrong - kids are a target, but there are a lot of protections.
Though if step mom shares your name (not unlikely if OP is a girl with a common name) it isn't a surprise that they will mix you up.
Sure, but nobody expects a 23 year old to have a two decade old LinkedIn account or work history.
(Except maybe the sorts of idiots who write job descriptions requiring 10+years of experience with some tech that's only 2 years old, and the recruiters who blindly publish those job openings. "Mandatory requirements: 10+ years experience using ChatGPT. 5+ years experience deploying MCP servers.")
>Except maybe the sorts of idiots who write job descriptions requiring 10+years
so.. most of them?
Anyway the problem is not a hiring person expecting it, it's systems written with not enough thought that will expect it for them, and flag the people as untrustworthy who do not match expectations.
Some of the bureaucratic battles that a functional government would be fighting right now include establishing manual identity management as an essential state function, NSA red teams to enable defensive improvements to widely used software and networks, widespread antitrust action if not progressive corporate taxes to limit the extent of a single vulnerability, postal banking, automatic tax filing, and a whole host of different data protection & privacy acts.
A breach like Equifax should have cost their shareholders 100% of their shares, if not triggering prosecutions.
We are not doing any of this because we are being led by elderly narcissists who loathe us and rely on corporate power, in both parties, and that fact was felt at a gut level, and enabled fascism to seep right in to the leadership vacuum.
> identity management as an essential state function
I dimly remember some sci-fi book, the kind where everything was Very Crypto-Quantum, and a character was reminiscing about how human spacefaring civilization kinda-collapsed, since the prior regime had been providing irreplaceable functions of authoritative (1) Identity and (2) Timekeeping.
Anyway, yes, basic identity management is an essential state function nowadays, regardless of whether one thinks it should be federal or state within the US.
That said, I would prefer a tech-ecology where we strongly avoid "true identity" except when it is strictly necessary. For example, the average webforum's legitimate needs are more like "not a bot" and "over 18" and "is invested in this account and doesn't consider it a throwaway."
The current standard is "Whoever receives calls to my cell phone number is effectively me". The designee of all account recovery actions.
The terrifying thing about this is that phones are almost trivially SIM cloned, surveilled, and impersonated, when they're not just owned with malware.
So, just hire one of those "account aging" services?
Because if you expect people to go there keeping everything up to date, posting new stuff, tracking interactions for 3 years and only after that they can hope to get any gain from the account... That's not reasonable.
Exactly. There are at least several different modes these scammers are operating in but eventually it all boils down to some "technical" part in the interviews where the developer is supposed to run some code from an unknown repository.
Nowadays just to be sure, I verify nearly every person's LinkedIn profile's creation date. If the profile has been created less than a few years ago, then most likely our interaction will be over.
> This might be a red flag for Persona service itself as it might contain serious flaws and security vulnerabilities that Cyber criminals are relying on
Persona seems to rely solely on NFC with a national passport/ID, so simply stolen documents would work for a certain duration ...
I think this is a real picture. I can't explain the ghost finger, probably just a weird angle but it doesn't give off the generated vibe. The poster of the photo seems to be a real person as well as the person who left a comment. Probably in the OP's case the company was real but the person was impersonating. I had been involved in a couple of these scams recently and the patterns are very similar but approaches slightly different.
You can click on the verification badge and see if the person has job verification. If not, that's a red flag. I never paid attention to this myself but I will in the future.
You just verify that you have access to an email address that belongs to a company (@example.com) by entering a six digit code they send to your work email. This in theory verifies that you work there, but obviously nothing else like your actual position at the company.
From an attacker standpoint, if an attacker gains access to any email address with @example.com, they could pretend to be the CEO of example.com even if they compromised the lowest level employee.
This is a optional/invite only feature. LinkedIn doesn't provide that work email validation feature for all employers on their platform. Why did I know that? Because my past startup was requesting LinkedIn to enable that so that we can enable that feature but they said it's an invite only feature. Internally, I think they are only invite those employers who has certain amount of employees and/or revenues to turn it on.
Apple / Google developer program uses Dun&Bradstreet to verify company and developer identities. That's another way. But LinkedIn doesn't have that feature (yet).
You just verify that you have access to an email address that belongs to a company (@example.com)
Bad idea.
I never had my work e-mail address on LinkedIn, but then I made the mistake of doing this, and LinkedIn sold my work e-mail address to several dozen companies that are still spamming me a year later.
> -> Joined May 2025 -> Contact information Updated less than 6 months ago -> Profile photo Updated less than 6 months ago
It's a red flag to be a new entrant on a platform.
FTR Wikipedia/Stak Overflow have also encountered this problem (with no real solution in sight) and new market entrants (new products) struggle with traction because they're "new" and untested, which is why marketing is such a big thing, and one of the biggest upfront costs for companies entering a market
It's a joke. An older version of the joke, from Usenet, is that RTFM stands for "Read The Manual".
The gag is that the newbie asking the question will wonder why the F wasn't included in the expansion, and rapidly figure it out. Or they ask, and you make fun of them for it. The joke is either kinda cerebral or really juvenile... and the tension between the two is part of the joke.
Click "More" button -> "About this profile", RED FLAGS ALL OVER.
-> Joined May 2025 -> Contact information Updated less than 6 months ago -> Profile photo Updated less than 6 months ago
Funny things, this profile has the LinkedIn Verified Checkmark and was verified by Persona ?!?! -> This might be a red flag for Persona service itself as it might contain serious flaws and security vulnerabilities that Cyber criminals are relying on that checkmark to scam more people.
Basically, don't trust any profile who's been less than 1yr history even though their work history dated way back, who has Personal checkmark, that should do it.
[1] https://www.linkedin.com/in/mykola-yanchii-430883368/overlay...