If you’re seeing this right now you’re probably a YouTuber, a content creator or a website owner and you’re trying to vet whether someone who has sent you a partnership or a sponsorship offer is real and legit.
To get right down to the point: if it’s a person with a name like John Baringer representing any company ranging from Adobe to Blackmagic Design all the way to MSI, and their email address is not from an official domain of the company they represent (e.g. adobe.com, blackmagicdesign.com, etc.) but rather from an obscure domain like @volny.cz or even just plain @gmail.com, then chances are good it’s not legit.
I previously posted a news article when one of our partners, MSI, issued a public notice stating that MSI will never reach out to you via external means (in most cases). I went on to detail this notice from MSI in another article but also went on to state how this is a sophisticated social engineering attack to get you to put your guard down.
With the recent LinusTechTips hacking incident becoming one of the landmarks of this attack, many content creators are now on high alert, but with these attackers now aware of this situation, it’s best to arm yourself with knowledge on how you can spot these attempts.
The Bait
From: Corel <co*******************@vo***.cz>
Corel Studio, Inc.
Lõõtsa 5, 11415 Tallinn, Estonia
Esteemed Prospective Partner:
You, specifically your channel, have been selected from many YouTube channels to promote our new software “Corel Video Editor”.
If you will be ready to cooperate with our company and actively distribute videos with our software on your YouTube channel, then please answer this email and we will send you all the terms of the contract and the promotional video itself.
Kind regards,
John Bahringer
Customer Service Representative of Corel Studio, Inc.
Copyright 2023 Corel Studio. All rights reserved. All other trademarks are the property of their respective owners.
The email above is the full text sent to me by an individual claiming to be from Corel Studio. I am well aware of who Corel is as I have used their software but in my publishing life, I have rarely discussed anything about Corel Studio or the illustration niche in general. We have talked about the systems powering multimedia and artist PCs but rarely do we put CorelDraw on the top of those talking points. Still, this raised some huge red flags.
One, I worked in a manufacturing company before and we had artists running Corel software, which often had me coordinating with Corel customer support, all of whom used Corel domain names. The email of this person is from a @volny.cz address.
The domain volny.cz is a public email service similar to Gmail or Yahoo Mail where anyone can create their own email address. While it is not rare for marketing people to use external emails, it’s very rare for employees directly under the company to use such emails.
The other thing is the name and title. If you are a content creator being tapped for a marketing partnership or sponsorship or just a review opportunity, a marketing person will reach out to you. A customer service representative is someone in customer care and will never contact you for marketing.
Lastly, the name John Bahringer doesn’t come up in a web search that’s related to the company. And that’s probably what led you here. Mr. John Baringer of xyz company doesn’t exist. I fear the day I get to work with an actual John Baringer and have to tell him this story.
Kidding aside, John Baringer or any name for that matter can represent multiple companies. Based on people I talked to who have received similar emails, there have been emails from BlackMagicDesign as well as numerous others. Those that don’t disclose a name typically just shock you with an immediate pitch.
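The three checks described above (claimed brand versus sender domain, public mailbox provider, support title on a marketing pitch) can be applied to a saved raw message. This is an added example, not part of the original article; the domain table, the function name `vet_offer` and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: fill this table from each vendor's own website before relying on it.
OFFICIAL_DOMAINS = {
    "corel": {"corel.com"}, "adobe": {"adobe.com"},
    "blackmagic": {"blackmagicdesign.com"}, "msi": {"msi.com"},
}
# Public mailbox providers anyone can register on (the ones the article names).
FREEMAIL = {"volny.cz", "gmail.com", "yahoo.com"}
# Job titles that do not normally send sponsorship offers.
SUPPORT_TITLE = re.compile(r"customer\s+(service|care|support)", re.I)


def vet_offer(raw_email: str) -> list[str]:
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw_email, policy=policy.default)
    display_name, address = parseaddr(str(msg["From"] or ""))
    domain = address.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = f"{display_name}\n{body}".lower()

    flags = []
    for brand, domains in OFFICIAL_DOMAINS.items():
        claimed = re.search(rf"\b{re.escape(brand)}\b", text)
        official = any(domain == d or domain.endswith("." + d) for d in domains)
        if claimed and not official:
            flags.append(f"claims {brand} but sent from {domain}")
    if domain in FREEMAIL:
        flags.append("public mailbox provider")
    if SUPPORT_TITLE.search(body):
        flags.append("support title making a marketing offer")
    return flags


# Constructed sample modelled on the email quoted above; the local part of
# the address is a placeholder because the original address is masked.
SAMPLE = """\
From: Corel <placeholder@volny.cz>

You have been selected to promote our new software.

Kind regards,
John Bahringer
Customer Service Representative of Corel Studio, Inc.
"""

print(vet_offer(SAMPLE))
```

An empty result is not proof of legitimacy: the visible From header can be forged, so a message that passes still needs confirming through the company's official channels.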
The Payload
Most of these scams will not ask you for anything. As most creators are very guarded when it comes to sharing details, that is the easiest sign someone’s trying to con their way into your channels. But this fraud is a bit smarter. Most of their attacks will have offers for a partnership and some will ask you first if you agree.
In the case of the MSI fraud emails, targets were being asked to choose from a catalog. In my case with the Corel scam, I was being given an agreement form. Both attempts required downloading a PDF file. For the MSI one, it was a very large catalog PDF of 700MB or so. For the agreement, it was a relatively lighter one but still a PDF.
DO NOT OPEN THESE FILES.
Once you do, it runs malicious code which resides on your computer, keeping the hacker logged in regardless of password changes as long as you’re logged in on that machine. There are far more technical details in play here, but be aware that if your first reaction is changing your password on another machine BUT YOU STILL LOG IN on the infected machine, then you’re still going to get compromised.
How to Avoid These Scams: Arm Yourself With Knowledge
No amount of ads from VPN companies is going to save you from these scammers. The only way you can defend yourself is to be aware of the tactics they use to get you to do what they want. If they want you to sign a document, have it sent as a Google document or an online PDF file that you don’t need to open. A catalog can be sent in an online viewable format. Just as you are protective of your password, be protective of your PC as well. If antivirus software can’t detect the malicious payloads that these scammers use, it’s up to you to keep yourself protected.
If you receive an attempt like this, it’s best to contact the local social media presence of the company in question. If you don’t have a local rep, try contacting their global customer support email as well. They will connect you to the right person.
In a world wherein we’re all connected and a lot of us use the web as a livelihood, I hope you stay safe from all these individuals trying to take away what you’ve worked for.