WARNING! to all companies out there to be aware of people impersonating big influential Youtubers in order to elicit confidential company information.
Subscribe on LBRY: https://lbry.tv/$/invite/ @eevblog:7
Forum: https://www.eevblog.com/forum/chat/eevblog-impersonation-scam!/
#Warning #Youtube #Scam
EEVblog Main Web Site: http://www.eevblog.com
The 2nd EEVblog Channel: http://www.youtube.com/EEVblog2
Support the EEVblog through Patreon!
http://www.patreon.com/eevblog
AliExpress Affiliate: http://s.click.aliexpress.com/e/c2LRpe8g
Buy anything through that link and Dave gets a commission at no cost to you.
Donate With Bitcoin & Other Crypto Currencies!
https://www.eevblog.com/crypto-currency/
T-Shirts: http://teespring.com/stores/eevblog
Subscribe on LBRY: https://lbry.tv/$/invite/ @eevblog:7
Forum: https://www.eevblog.com/forum/chat/eevblog-impersonation-scam!/
#Warning #Youtube #Scam
EEVblog Main Web Site: http://www.eevblog.com
The 2nd EEVblog Channel: http://www.youtube.com/EEVblog2
Support the EEVblog through Patreon!
http://www.patreon.com/eevblog
AliExpress Affiliate: http://s.click.aliexpress.com/e/c2LRpe8g
Buy anything through that link and Dave gets a commission at no cost to you.
Donate With Bitcoin & Other Crypto Currencies!
https://www.eevblog.com/crypto-currency/
T-Shirts: http://teespring.com/stores/eevblog
Hi. This is just a quick warning slash announcement video for all companies out there really are not just the ones in the particular engineering field ever associated with me. even if you haven't dealt with me over the last decade. I Think this warning can actually apply to any company when it comes to dealing with.
you know, a big name, sort of Youtube type influences and I hate that term in the industry. Now what the problem is is: I Just got I Just found out that somebody has created a gmail account actually impersonating me and has contacted one of the big names in the industry who I've dealt with before and they've actually used that account impersonating me to request confidential technical information from the company and this is not well in person. This is the first time I've ever had an impersonation like this, but it's not the first time I've requested you know confidential technical information from a company. be it you know, schematics, you know, price, new products, there are various other real confidential information that companies don't want released and that's common because I might for example, have an existing NDA with the company.
or they simply trust me because you know I'm a big know and trusted name in the industry. So they go, Oh yeah, look here you go. you can have it as long as you keep it confidential Things like that. So this person successfully I impersonated me, contacted a large company and got this technical information from them.
This confidential information I won't tell you who the company is or what the information is. It doesn't really matter, this is just a general warning. It was sent from supposedly a Dave Jones at DJ Ee-vie blog at Gmail.com and they've impersonated me down the bottom. Thank you Exclamation Mark Dave eevblog Sydney Australia eevblog Calm.
First of all, that is not how I have my email footer and this certainly not my email address. My only two official email addresses in terms of when I contact people are Dave at Eevblog calm or Eevblog at Gmail.com I actually use Gmail for all my mail and eevblog comm just goes through there. So my reply to address is David Eevblog comm And anyway, but they're my only two official email addresses that I will contact people from it. So anything else like this one is a scam and it's it's rather clever.
It worked and they they actually included some like you know talking about a previous video I've done and who I've contacted in that company previously because I may have mentioned their name in the previous video or they may have just got their information from LinkedIn or something like that as that's a you know and this email went through the you know various people in the company and because the person that they contacted didn't have this technical info so they had to contact other people in company and it was forthcoming and I only found out about this because they just so happened a couple of days later just copied in my proper email address into the correspondence. I Don't know why they did that, but by happy accident they did that and that's the only way. I Found out about this and they found about some new product release information as well as the technical information that they requested. So there you go. and I can picture this happening in other industries. You know it, you know it could be Apple are releasing a new phone or whatever or something like that and one of the big youtubers with you know 20 million subs or something contacts them or they impersonate that person saying can you send the pre-release information and all that sort of stuff that could I picture that easily happening. So there you go. I haven't got my hands of the original email but the tracing the reply to address.
There's no extra information there, so it looks like they've created this gmail account with this and used it exclusively to impersonate me and get this technical information. So there you go. Just quick warning to all companies out there, not just ones associated with me, that this is a big deal. So yeah, I'd appreciate if you share this video with companies out there and just share it in general knowing that this sort of thing can happen and it was successful in this case.
So yeah, it's quite clever and it worked. So anyway, yeah, if you can help spread the message, that would be appreciated. Thanks Catch you next time.
Like always World is full of nuts!
To be honest, the box of adult toys and their specs was not worth the trouble…….
Is what fame and fortune does Dave. Dave to the Oscars
* First time that you have been made aware of. Even just this individual, could have been doing it for years. And there could be others.
Bulky reflection beyond this point. TL;DR'ers beware.
–
I've been part informally, part formally studying the technical, social and psychology aspects of social engineering ((spear)phishing in particular), for several years. I certainly don't mean to rain on anyone's parade, but I'd be very surprised if somehow this was the very first attempt at this kind of impersonative spearphishing, and as such, that very first one was the one to "get caught". Especially considering that, as you pointed out, this individual/entity succeeded. Meaning this didn't raise any eyebrows until doing so at a later time. More than likely not until the correspondance and fulfillment of the request, was (incidentally) discovered by a 3rd party.
In most of such cases, there won't be any second thoughts about this stuff. In the vast majority of (spear)phishing attempts, either it's flagged and/or treated as suspicious before commencing further dialogue or fulfilling the impersonator's request – or it's never flagged at all. Unless the request made or instruction given would be highly unusual regardless of legitimacy, there's usually no process in place for pre-screening and post process evaluation. There' simply not capacity for a 3rd party to be going through every bit of correspondence, so companies rely on employees using their judgement and reporting themselves, and some times automatic flagging of correspondance that particulary stand out in ways detectable by software filters. If the incoming(!) correspondance isn't identified as substantially unusual, it all rests on the corresponding employee's judgement. Some companies might flag outgoing correspondance for post evaluation, or do randomized spot checks. But it's exceedingly rare to actually halt outgoing correspondance for manual vetting before releasing it. Those doing such manual checks are usually backlogged, and outgoing correspondance is often time sensitive. But individuals doing such manual vetting, wouldn't be able to know that until they actually get to it, and even then they cannot know the full context of every piece of correspondance, even from reviewing it's content.
If at first the recipient has decided to oblige the request, they've already "whitelisted" the other corresponent and their request in their mind. Beyond that point, it's quite rare for that to change, unless a 3rd party of different perception gets involved. And even then, that 3rd party often has to contend with the first corrspondent's defense of their own judgement, conclusions and actions. Because concluding and admitting they potentially got fooled and tricked into doing something, is not only gonna hurt their ego, it could spell a recognition of having caused potentially quite severe harm by poor judgement. Depending on the situation, that could mean some quite substantial liability.
This is one of the primary reasons why people getting catfished, duped and milked for resources and favor, will often continue to go along for a really long while – after either someone else points out that they're likely being fooled and scammed, or they have their own initial suspicions. They often get really defensive, and reach for all kinds of defenses and explanations for why that which should be ringing their alarm bells, is Really OK in "this one instance". Personally I've experienced friends whom have been really well informed and rarional about these things, pointing out, explaining and helping others that were getting scammed in such ways – fall into the same traps themselves, and exclaim the very same kinds defenses and justifications for themselves. Even knowing through demonstration abd action, that they really do know better, including having a good understanding of why people do those things, and a firm ability to identify those in others.
Why? Because egos and feelings are fragile things, especially when it comes to admitting you have been fooled, including to yourself. People are quite inconcistant creatures, and far too many execute by unintentional "do as I say, not as I do" mentality .
Oh, that VOICE, so high-pitched. And tuck your eyebrows in, they are half-way up your forehead!!
OK!
this is not going to stop.
not until a lot of people are indicted.
Can I impersonate you to find out confidential information about SOLAR ROADWAYS??
This is fraud, report it. Gmail will have the originating IP of the creation of the account, and the emails going out. At the least, Google will ban it.
well… it is your fault for using your gmail account as a bussiness one. You have a domain, just use any of the cloud providers to have your own email server for your domain. How can you use a gmail account for business ?
I'm so glad i found you're channel! Thank you so much for you're experiments and great and easy to understand explanations! I have alot to learn about electronics and you are helping me alot! 😀👍🏻👍🏻
What????Dave Jones is an impersonator???
dude that sucks…hows the fires over there..still smokey? i hear theres flooding now too
And anyone cares? 🤷♂️
This is so sad. Sorry this happened to you. 🙁
Surely more embarrassing for the company that fell for it, if they actually gave out anything remotely "not for release"?
Hi Dave , i folow your video for a couple of years.
The bloddy "feakers" hows is try to take your place ave no place in our comunities.
I'll copy your video into wall europeans comunities i know here .
Friendly
Regards
Ph Van Roy Belgium
Sophisticated spam. Another Chi-com dirty trick!!!
Impersonation is the biggest form of flattery!
That is identity theft is certain places and is a crime punishable under the law.