What's What with the Who's Who?

Who would be so foolish as to pay for inclusion in a Who's Who book that no one reads? Ben Rothke does a little gumshoe work and files this illustrated report.

Times are tough and even the extremely resilient field of information security is suffering. There are plenty of articles covering the small things that you can do to enhance your resume and make yourself stand out from the field. These articles list tips from creating a presence on LinkedIn to adding new professional certifications, and more. Those who are desperate for a job will often load on these recommendations.

One thing that some people have done is to get their names in a Who's Who directory. Unfortunately, the world of who's who is a free-for-all in which I found there are few winners and countless losers.

Who's Who directory letter

Something told me that while not based in Nigeria, this was a scam. It had all the makings of a classic rip-off scheme: from the various remailers and spam-type email addresses, to the variants of the names used, and more. Some of the messages were addressed to Dear , and others Dear Business Professional. But not a single one had anything that would indicate it was meant specifically for me.

Note the similar generic email from Emerald Who's Who. The email had the subject line with a typical sense of urgency of Third Attempt, you may still qualify for inclusion into the Who's Who. I don't recollect getting any of their previous email, likely due to the good spam filters in place.

Who's Who solicitation promises security but not correct spelling

Google "who's who" and there are nearly 23 million hits. Who's Who itself refers to a reference book, generally containing biographical information about the persons included. It is important to note that the term Who's Who is in the public domain and is not a copyrighted term. Anyone can create their own Who's Who directory -- which explains why there are myriad variants of who's who books, and which also makes it an area ripe for scammers. In fact, you can spend all day reading about who's who scams at Ripoff Report.

ALSO SEE Mind Games: How Social Engineers Win Your Confidence

Most Who's Who publications are simply vanity publications, where the inclusion criterion is the person's willingness to buy the book, with the business model consisting of selling books directly to the people who are included.

Most people who pay to get their bio in a who's who are generally so enamored by the seeming honor to be included, that they fail to do the most basic due diligence about the offer. This fact, combined with their high-pressure tactics and the threat of an imminent deadline used by the telemarketers, creates a perfect storm for a scam.

When I got yet another email from Heritage Who's Who, in the spirit of accomplishment, I filled out the form. Two days later I got a call from Matt at Heritage who said he had a few questions about my application. Within a few minutes, Matt told me that he was proud to be able to congratulate me and that I was suitable to gain entry into the Heritage registry.

After a few subtleties, this is where the monkey business started. Matt tried to sell me the Platinum Executive program, consisting primarily of 2 wall plaques, the handsome leather-bound journal and 3 press releases at a cost of $699.00. Seeing I was not interested, he suggested the gold program, same as the platinum, except 1 wall plaque for $499.00. Seeing I was not about to go for that, Matt suggested the wall plaque alone for but $199.00, which he said I could proudly show to friends and colleagues.

As I contemplated the offer, Matt told me that Heritage is published in every university and that they are the only legitimate who's who. In fact, Matt told me that as part of the membership, they will send me 3 press releases to send out to newspapers to announce my prestigious entry into the Heritage Who's Who. Matt stated that no other who's who could get my inclusion in a newspaper. "Like the New York Times?" I asked; no he responded, "your local community newspaper".

Anyone who thinks these press releases will do anything for them is deluding themselves. The fact that anyone would send them to a newspaper, or would proudly announce it on their web page or Facebook profile, is a good indicator that you are dealing with a gullible person.

That pesky Library of Congress deadline

Finally, knowing he was running out of options, Matt told me that the entry deadline that was quickly approaching and that I would need to make an immediate decision since they needed to get their edition to the Library of Congress in time. The Library of Congress has no such deadlines, and while I squandered my opportunity to get in the Heritage Who's Who, and find immortality in the Library of Congress, others fall for these somewhat deceptive practices.

Since the term who's who is not protected by copyright law, anyone can create their own edition. This leads to many Who's Who directories that only serve to sell memberships to the group. They simply get a reference guide to others who were silly enough to part with their money. For a good overview of this scam, Victoria Strauss has a good write-up in Beware Who's Who Schemes.

I searched hard for anyone who had positive things to say about Who's Who. I posted on Twitter and LinkedIn asking people to contact me they had anything positive to say. A number of people, including a few with thousands of followers retweeted my request. I did not get a single reply with anything positive to say.

With that, I emailed a sampling of Heritage VIP Members asking them if they found any value with being in the registry. Of the sample, 31% of the emails bounced. Of the remaining, I received only negative replies. When asked if there was value in being listed, the director of a non-profit agency told me "absolutely not" and that he found that "anyone qualifies as long as you pay the fee for the book and plaque which no one looks at except for someone like you doing some research".

I asked him if I could quote him by name, to which he replied "I'd rather not as I am embarrassed for falling for this nonsense knowing all along that it is worthless. But then one day, I just had a weak day and said to myself, why not see if anything good actually comes from this, even one or two good contacts would be worth the investment". All he had to show for his money and efforts was a dusty plaque and a canceled check.

Other direct replies from Heritage VIP Members include:

  • "Never really found any benefit from it. Don't have any idea if they really do try to generate any business. I have never had anyone, but you, even comment that they had seen me in the publication."
  • "I personally do not believe the return on investment is worth the effort. I subscribed once, but will not again. I also suspect that there is an angle to get people to part with their money with minimal return from the company."
  • "I signed up but have never used it. I am not sure of its value one way or the other. And no one else has ever contacted me with anything about it before."
  • "Their initial call caught me off guard under high pressure, now-or-never salesmanship, I allowed myself to be talked into something not worth the cost, something I have kicked myself for ever since. Only after considering it all later, did I realize their appeal is simply to one's ego and pride. They stress the importance of their publication as being an asset to one's business, that people will use it to check someone out and find them totally reliable - how else could they be in who's who?! However, the book they publish has no real value at all. It is not readily available to anyone, except possibly a copy in a public library. Furthermore, their publication of the book that I was in came out two years after I was told it would be published. Over that time, my phone calls and emails for information went unanswered. Since publication, I have been harassed about purchasing deluxe copies, etc., even though on the first such solicitation, I told them I had no further interest in their product. That has not deterred them from calling several times."

Ironic to think that all of these comments are from Heritage VIP Members. But on the other side, it often shows that references are valuable, in that they will tell you the truth. On that note, when you do list a reference in your job search, make sure the people are going to say nice things about you.

As to the networking capabilities of Heritage and other who's who plans, they clearly do not match the networking potential of sites such as LinkedIn and Facebook. This is true both from the very limited search capabilities, to the minimal amount of members.

So how really selective is Heritage? Based on my call and that of a few friends and the responses I got from the VIP members, they accept everyone. The simply want the person's money and they seemingly won't let lack of credential get in the way. In fact, they seem to do no verification of employment or education. When a friend spoke with Gene at Heritage, the fact that he made up an employer, and said that he had a PhD in engineering from a school that has no engineering program, did nothing to preclude his admittance into Heritage's registry.

Felony convictions not a problem!

And this is the press release that can be sent to your community newspaper: Perhaps when Mr. Dortch is paroled in 50 years he can make use of the press release. Unfortunately, since he is currently in the SHU (Secure Housing Unit) at Pelican Bay, his isolation from the other prisoners really makes this press release even of less value.

As to references, the Heritage reference page is nothing more than receipts. There are references for Brigham Young University, Brown University Library, and many others. Yet if one clicks on any of the 9 links, they are not references, only IRS required receipts noting that the gift was received by the university. There is absolutely no indication that is was requested or used. It seems as if Heritage on their own accord mailed the universities free copies of their registry.

Heritage also failed to do a spell check on their references page as they have Northwestern misspelled as NorthWestern, and Wisconsin as Winsconsin.

One last note to the friendly people at Heritage, since when does one network with a dead person? Ms. Sentak died a few years ago, yet she is listed as a VIP member.

Is there a need for directories in the age of social networks?

Heritage and other who's who are utterly obsolete in the era of social networks. LinkedIn with over 43 million members shines in comparison with Heritage, which claims to have 20,000 members.

Look at it this way: In the past 6 months, how many people have invited you to, or said they find value with, Facebook or Twitter? And in the past 10 years, how many people have told you of the value they get from using a who's who?

Even if Heritage were free, it is still of dubious value. Its extremely small user base, combined with limited functionality, make the Who's Who into a big Why.

Noted attorney and legal blogger Ron Coleman notes that he has always agreed to provide his profile to the Marquis Who's Who publications, because he is pretty confident that they are the "original who's who". But he also notes that he has never bought the publication, and can hardly imagine why he or anyone would. As a who, Ron observed that he naturally knows lots of other whos. He comments that this has always been the case, but in the social networking era, it is absolutely more so.


Security professionals looking to better themselves with find greater value availing themselves of the data and contacts at sites such as the SANS Institute rather than throwing their money away for entry in a who's who listing.

Most of the who's who organizations are in it for the money with zero concern for to so-called honorees. Organizations such as the Heritage Who's Who make grandiose claims in which the recipients have very little to show for it. It is incredulous that they would showcase the deceased and invite hardcore criminals into their fold.

Security professionals looking to advance themselves will find no value in having their names in a who's who, and could in fact be showing their ignorance by promoting their inclusion.

Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know (McGraw-Hill Professional Education)



Copyright © 2009 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)