BEWARE of the Purchasing email scam, they are out to steal your computer.
If you find my videos useful you may consider supporting the EEVblog on Patreon:
Web Site:
Other channels:
#ElectronicsCreators #scam

Hi, it's scam time again. This follows up two recent videos that I've done on how: uh Linus Tech tips uh Channel got hacked they lost their entire YouTube uh Channel it was turned into a crypto scam. Somebody hijacked it and that's happened to a ton of like high profile users in uh including that uh, recent during the recent uh SpaceX uh launch of uh Starship they had hacked, um a whole bunch of YouTube channels. One even had uh one point I think I tweeted this I put it somewhere 1.6 million subscribers, that channel was hacked and then they had like a live feed promoting a crypto scam and all sorts of stuff.

um so yeah, they steal your YouTube channel and then I did another uh video here of how uh, they still your eBay account and you should be on the lookout for eBay uh, test equipment or other products on eBay that look too good sound too good to be true because then they take you to an off-party uh website and they steal your money and they never, uh ship you anything Anyway, in a similar vein, I've been getting getting these emails for years. Let us know in the comments down below. if you get these uh I guess you'd call them purchasing scam emails. Um, so you get in like an email.

you know they're from the purchasing department in this case from Mitsubishi Electric elevators and escalators Inc right? Oh yeah, especially if you sell products like I do on my web store right? You think? Oh I got a big order for? Look at this. a big order for? a hundred uh Bm036 clamp meters. Wow. You know I'm going to be on this Johnny on the spot.

But yeah, you can already tell you can already sniff uh the BS in this one because well, the title. It's just completely screwed up. I don't sell Samsung memory right? and then uh, and by the way, if you go search up the name here. this is actually a legitimate person who works at.

um, it looks like they're purchasing the department at Mitsubishi Electrical So on the surface, if you even go and investigate, it might sound a bit legit and it would sound more legit if they didn't have that title in there. But anyway, on behalf of the management, we are finally concluded Our request your support of the purchased item. We hereby request quote for server memory module. So the script that these scammers use.

obviously it can pull the real details from my website here. that's actually the skew the product SKU that I use. That's the correct title and everything. but then they couldn't put it here or they couldn't put it in the title I mean but once again, this is uh I Think often part of the scam is that they will.

You know, Mass email this to millions of people and only the dumbest of the dumb will get duped by this. And that's Some people say that these are deliberate errors in here so that um, yeah, if you're dumb enough to sort of think it like, you're more likely to get scams. So I don't know if that's deliberate or that's just a poor script that they got. Anyway, we request the shipping cost door-to-door delivery, blah blah blah.
Very very urgent. Uh, finally. note is payment net payment 15 days now they don't want I Don't believe the scam is like I ship them the hundred meters. They don't want my hundred meters right? This is a scam to either get uh, your like take over your computer just like Linus or other YouTube channels and eBay um, sellers actually get hacked.

Their computers get infected. So what they'll do is if you reply to this, they will send you an infected document I download our purchase order or whatever you know. here's our purchase order. Download this.

It's an infected PDF answer infected Docx file or something like that, right? Or it's an executable zip or something. And yeah, they will dupe you into downloading that takes control of your computer. They'll steal whatever you want. They'll steal your YouTube channel your eBay accounts.

they could still any I don't know any crypto you've got on there. or you know if they can do all sorts of things anything um to do that's on your computer once they have access to it now one another. One of the Dead giveaways is that where does it come from Always check the domain of where it comes from Mitsubishi Sounds legit until you actually try and search that there's no such website. If you go down here, purchase in at Mitsubishi elevators plural with an S and then they link you to the real website here So it has got the S and if you go to Mitsubishi elevators, it looks like a legit site.

but Mitsubishi elevators. So let's add the s in there and there's no such sight right? So obviously. and then if you go to the who is right, they're for Mitsubishi elevators with an S right? It looks totally this is not the real person. There is no Mark Walton There is no one Shield Avenue in Davis California right? And this email down here is just like it's probably you know it's just a Sandbox account.

or it's just you know, a a temporary account or whatever, right? So this is not real, right? This is not real. So there you go. That is another way that they actually can get control your computer. They're not trying to steal your stock or anything.

I Don't think, but leave it in the comments down below. If you've heard of other ways that this purchasing scam I guess you could call it operates. So yeah, um, if you're running online business, just be aware of stuff like this: I Get this all the time. but usually I think this might have been the first time that they've actually mentioned like actual product product that I sell here most of the time I Just delete these things because they're just like we want to purchase a power saw or something from you and it's like what I don't sell power saws you know it's absolutely ridiculous, but this time they actually got that and if they had gotten the title right and they'd gotten everything else right and then you go and check the LinkedIn that looks like a legit person, but you didn't bother to check that the little s in there.
so they've probably got some script that just sends this out to millions and millions of uh people and uh, like they have probably have a script that has like a or they've bought a list of like known online stores or something like that and I happen to be on the list and you get it. But just be aware of these purchasing scams. Uh, they're out to steal whatever it is you have on your computer, not necessarily your product. So if you like me, uh, revealing these sorts of scams, do give this a video a thumbs up.

and as always discussed down below, catch you next time.

Avatar photo


21 thoughts on “Eevblab 112 – purchasing email scam”
  1. Avataaar/Circle Created with python_avatars Ege Ata Türkgeldi says:

    One shield avenue is actually the address of UC Davis. I went there for my graduate degree so it was funny to see it here.

  2. Avataaar/Circle Created with python_avatars Dave Turner says:

    Yet another case of – don't ring me I'll ring you!

  3. Avataaar/Circle Created with python_avatars Chris Brown says:

    Mitsubishis Elevators

  4. Avataaar/Circle Created with python_avatars Andrew Court says:

    Hi Dave. Now I think about it, I think you have made a good point / observation.. the scammers deliberately make a few, “easy to spot” errors.. to basically access the real gullible.. Even when surrounded by blatant clues, if the “mark” can still be taken in, then they are ripe for the picking!

  5. Avataaar/Circle Created with python_avatars Marc Intosh says:

    You got the fake website wrong. They put two extra S in there: mitsubishiSelevatorS

  6. Avataaar/Circle Created with python_avatars Boffin says:

    Hello Team,

    Thank you for bringing this to our notice. We have reviewed your complaint and, pursuant to our Terms of Service (TOS), have suspended the reported domain name. It shall reflect within 4 to 6 hours.

    Do let us know in case of any queries.

    Abuse Mitigation Team

  7. Avataaar/Circle Created with python_avatars Frenchcreekvalley .frenchcreekvalley says:

    I have a small website with only about 10,000 visits a month and a youtube channel of about the same amount of monthly views. Having said that, I get at least 50 of this sort of emails per day. The dumbest ones are the ones that are totally in Arabic or Japanese writing. The ones that are the fastest to figure out have me as the sender. Fortunately my email provider has a pretty good junk mail program. I figure that its just a part of living in this modern world to check the quarantine list on a daily basis.

  8. Avataaar/Circle Created with python_avatars K says:

    If you respond with a quote, sometimes they send back a PDF …. but the PDF which they use is often repeatedly re-edited by just pasting new addresses over the previous ones, so you can see the companies which they've previously targeted, and the logos which they used. They can easily pass credit checks because they use only details of a legit company, and an initial legit address in the order, but at short-notice (so often bypassing initial finance system checks) they change the delivery address to an international reshipping/self-storage place. In the case of the ones which targeted my org, I sent them a canary'd quote — they were in Nigeria, which is where they also ultimately had their products forwarded on. So if this is the same as what my org experienced, it's ultimately just impersonation of a company & then shipping products abroad to re-sell.

    Wouldn't be surprised if the products ended up being sold to countries on export control lists. They had previously targeted high-end industrial control & specialist medical hardware manufacturers etc. Police are often helpful, but it needs to be the defrauded party who raises the case — in one case they said that they were able to get a lot of hardware at the self-storage place seized.

    I suggest that people using the dnstwist tool to find lookalike domains which impersonate your employer, but it's often hard to convince registrars to suspend them because your employer is never actually contacted until someone who sold the items tries to contact your finance team to chase the payment.

  9. Avataaar/Circle Created with python_avatars Keith Whitehead says:

    Its always worth looking at the registration date of the domain name, that one was 2023, instant indication of a scam.

  10. Avataaar/Circle Created with python_avatars Tadeusz Pyś says:

    whois email is "SANB ex INC", just rotfl

  11. Avataaar/Circle Created with python_avatars Leo Curious says:

    Why dont you answer them and see how they do it? Use a virtual machine if you need to.

  12. Avataaar/Circle Created with python_avatars OvalWingNut says:

    re: "Please your quick response is very Very urgent needed…"? Face palm. P.S> Cypress, Ca. USA? A few miles away… I'll head them off at the pass! She'll be allright'

  13. Avataaar/Circle Created with python_avatars Micetticat says:

    I believe that errors in the phishing emails are in part inserted to "confuse" anti-spam software and not being detected.

  14. Avataaar/Circle Created with python_avatars alch3myau says:

    DMZ >Honeypot>airgap>rest of the network.

  15. Avataaar/Circle Created with python_avatars alch3myau says:

    "Dumbest of the dumb" … You mean Linus Tech Tips?

  16. Avataaar/Circle Created with python_avatars Roberto says:

    I wouldn't click on that link 😢

  17. Avataaar/Circle Created with python_avatars Marcelo Picoli says:

    There's an "s" in the middle too. Mitsubishi-s-elevator-s

  18. Avataaar/Circle Created with python_avatars schitlipz says:

    Prison for all fraudsters!

  19. Avataaar/Circle Created with python_avatars Doug Manatt says:

    Net 15, certainly bogus!

  20. Avataaar/Circle Created with python_avatars Кирилл Рагузин says:

    What a treat! Can you please respond to the email and ask them to send their malware so you could release it to the public and we could inspect it and see exactly what it does and how it works!

  21. Avataaar/Circle Created with python_avatars Harry Miktarian says:

    We get these all the time at work. They will either ask for a quote or send a PO for random computer components (we are a IT VAR/MSP). They do use actual companies and people…usually the email domain is just slightly off of the correct one. The first time I got one it was the fact that there was no prior contact from this company and there was no reason they would be looking across the country when they could get from any disti or locally ….also the random assortment of computer parts and quantities made little sense…did not pass the initial smell test. They also like to do the same thing but as government/education bid/quote request…but same scam.

Leave a Reply

Your email address will not be published. Required fields are marked *