How My YOUTUBE Channel Almost Got HACKED!!! Beware this HIJACK SCAM in 2024
- Published: 22 Oct 2024
- Learn Electronics Repair almost got hacked this week; if I wasn't so vigilant, the channel could have been hijacked. Here's what happened, how I avoided it and what the scammers tried to do, in detail. Names have not been changed to protect the guilty.
Thank you
Richard
You've made a video about a scammer attempting to make money out of you, so now you're making money from him and his activity !
Brilliant. What a classic revenge 😆🤣🤣
Well done Richard and Detlef.
Perhaps you could do an update on here or post an update comment in a few weeks about how much he has earnt for you?
Oh for sure
Don't work as Admin on your operating system.
Use virtual machines.
Don't trust everybody. They want only your best💰💰
Good work Richard 👍👍
Good work. As always, it pays to be skeptical. Nobody gives anything away for free; there are always strings attached.
The difficulty is that a lot of established YouTube creators genuinely do get offered a lot of stuff for 'free', sometimes every day. And most of those offers are for real. You would not believe some of the stuff I am offered, and then turn down as it isn't really relevant to you, the viewer. And sometimes we also get offered money for reviewing the free stuff we got given. That's why some channels get hacked or hijacked, because they are so used to sponsorship offers. Linus Tech Tips comes to mind and he did get hijacked a year or so ago. The only reason I spotted this one is when the pdf link wanted to install something on my computer and that just didn't feel right 🤔
“EEEEv’rybody knooows that noooobody gets nothin’ for free!”
@@RobertRidgley “free”, and urgency/right now are always red flags.
The first thing I do, when I get email, like this, is check the domain. With this particular scam, I wouldn't even get beyond that... and no one else should either. It's interesting to uncover the dynamics of the scam; but thinking one is smarter than the scammers... when you don't have to be... is asking to get hacked.
One thing that stands out on the PDF was the wording. For example: In the Private Library section it reads....To access and view our Library, click this buttons. Big red flag straight away.
Yep, I spotted that right away. :D
Also don't forget that the 'From' email address can be spoofed as well. Thanks for the video.
Yes, but if you reply to a spoofed email address it won't be delivered, so you won't be able to have a conversation with the sender.
@@KerrySainsbury Thanks for the info that could help a lot of people watching
it's usually just the sender that's faked, you can still often inspect the email to see the sender in data, and I myself never saw anything faked in there, unless I was just unlucky
@@KerrySainsbury A common tactic is to spoof a legitimate "from" domain, and specify a different, but very similar, "reply to" domain.
A reply to such an email absolutely will be delivered.
2:53 Oh yeah! That is the "content" I am talking about! On a more serious note, I am sorry that this happened to you but they are out there!
Yeah I did think Canon might like our video work there. www.youtube.com/@GranCanariaUncovered
For admirers of videographic techniques
ruclips.net/video/c86GJRtWMZ0/видео.html
00:25:15 to the end
Oh, found a bit more content for you in the GCU channel archives, hope you appreciate the videography and camera work involved
ruclips.net/video/c86GJRtWMZ0/видео.html from 00:25:16 to end. This is just something we do to unwind at the weekends
And FWIW Gran Canaria Uncovered - Too Hot For Love
ruclips.net/video/nuqWZuIEPF4/видео.html
Typical method of hijacking session cookies for a YT channel. They get the creator to open an executable file which launches malware that captures the session cookies and sends them back to the hijacker. Once they have the session cookies they can change the password for the YT account and other settings.
Yes it could have been for that purpose. The same thing that happened to Linus Tech Tips a year or so ago. The final payload seemed to open a web service which could be a back door for more malware. Or it could be a distributed crypto mining hack as Det thought. I do have some contingencies for the eventuality of the channel being hijacked but vigilance was the best weapon here, everyone take this as a cautionary tale.
Yeah I have seen two channels be hacked recently. I think they stole session browser cookies to log into the account without needing a password. They changed the channel into a scam crypto broadcast saying they would double people's crypto. They wanted to use the subscriber count and age of the channel to give legitimacy to the scam.
scammers are everywhere at 7:33 not the official link from canon
You should turn on Protected View in your pdf reader. It's in the Security settings in Preferences. Select Security | Protected View | All Files. Then all PDFs will open in protected view mode and any code or activities attached to them are nulled.
Thanks for the info.
Always check the URL not to be confused with a urinal 😂
Strange that because a lot of people seem to confuse public phone boxes and letter boxes with urinals....
Close call. Well spotted and thanks for sharing your experience and how you dealt with it..
Notice also the poor English at the end of the pdf under PRIVATE LIBRARY paragraph.
"click this buttons"
Loud and clear warning alarm bells for me are spelling and grammatical mistakes from corporate level documentation
This mistake is the location of their edit to an official Canon document imo
Good catch, and you’re lucky. You opened a PDF, as PDFs are known to execute malware as well.
I think (and Det says) that pdf will only execute malware just by opening them if you use something like Acrobat to open them. Mozilla (which I use as my default app for pdf) and some other viewers will display the pdf but prevent it from running any scripts or code. That would explain why the pdf instructed me to click on a download link rather than just doing nasty things by itself.
The reply he sent you did have the smell of a.i to me, scammers used to be much easier to spot with their good ol scamlish.. glad you realised in time 👍
this was high effort. i would have checked the email first, but other than that i can see how this would fool someone
especially YouTubers who regularly get offered sponsorship deals. That Canon pdf is really convincing, usually these things have such bad spelling and grammar it stands out a mile off
Loved the passive-aggressive tone at the end Richard 😅 Glad the channel is safe!
I used to love dabbling into threat analysis, should get back into it again
Hilarious that crowdstrike was the only one that detected this.....
Yeah we thought so too!!!
I'd think they target YouTubers to get their Google login token, at least that's what they usually do. I doubt it would install a crypto miner, at least very unlikely. Good catch. Always be on high alert whenever anyone offers you anything at all these days and use a burner machine on a segregated subnetwork to open any attachment even if everything else seems to check out.
Tomasz Piekarz It sounds like a Polish name. Thomas Baker :)
That could have been Polish rather than Turkish as I guessed
Hi Richard, to be honest Canon are huge and would not promote through this type of platform. My wife is a photographer and uses Canon products exclusively and has never received any offers of promotion irrespective of monies spent. So glad you clocked before being fleeced. First point of check should be to the direct company, i.e. Canon, to confirm the supposed affiliation.
In return to be honest I get approached by some huge companies to make promotional videos. I've had some large consumer electronics companies approach me, but I turn 'generic' product sponsorship down as it does not fit the channel profile. I've done some sponsored reviews for Banggood and they are another large company. Recently I was offered ongoing paid sponsorship by Temu who are massive (after some to and fro I turned them down because I didn't like the T&C). Possibly the largest of all I've accepted, is a long term influencer deal from AliExpress in the last couple of weeks. I tried applying for that a while ago but basically they said don't approach us we'll approach you if we are interested. So seriously, getting approached by the likes of Canon, in itself, would not surprise me.
@@LearnElectronicsRepair Banggood, Temu and AliExpress aren't exactly what the guy was getting at! LOL every youtuber gets approached by those guys. If you get an email from Rohde & Schwarz or LeCroy I would be very surprised and suspicious!
@@LearnElectronicsRepair Hey, +reputation for not accepting temu's deal
@@tomclanys Thanks. It didn't give me enough editorial control over product reviews. AliExpress were much more flexible.
@@LearnElectronicsRepair That's great that you are getting these offers and smart that you are being selective, especially over your control of content, I certainly wouldn't want you to change your content to specific affiliation only content. that being said love the content, also your partnerships with Detlef and Carlos. Keep up the great content :)
It's pretty basic social engineering stuff! Luring the victim to install a payload... I'm glad you guys didn't fall for it!
I wouldn’t have gotten past checking the from address and headers to see what machine it came from before binning this one. But since we didn’t see the address until the end the next thing that had my nose up was the typo @ 8:18 “click this buttons”. Not a professional document.
Really sorry my friend. What a world we allow.
Take care on the wire out there. The first thing to be cautious about is always the email address. Of course they can’t also find your info in the first place if 3rd party browser cookies are constantly cleared and never, NEVER run anything suspicious without scanning them first.
Did you notice that on the original email it simply said "Hello!". If the email was genuine and not simply sent to hundreds of channels, It would have addressed you by name or your channel name.
That is a good point. Mostly I was trying to work out which of my channels was the one they wanted to sponsor, should have read more into that.
Hmm, I know it's perhaps a bit much to expect of the average email user... but generally, email will be in the spam folder for a reason.
You *can* view the email header to see whether the sender is who they claim to be.
Modern email security mechanisms are SPF, DKIM and DMARC.
You can copy and paste the header into a free analysis service to get a simplified summary.
SPF, DKIM, and DMARC keep spoofers, keep unauthorized users from using your email server, and those protocols determine how the server handles the unauthorized email they produce. Those protocols do mostly nothing for emails sent from a domain where the sender is an unauthorized user. I get email in my spam folder... from legit senders... that have authorization to send using that server... all the time. Email ends up in the spam folder, often enough, for unknown reasons... or sometimes... just because it has certain keywords in it.
@@willthecat3861 Yep totally agree that DMARC only protects domains from the various types of impersonation.
Up till recently when the big players started requiring a DMARC record to deliver your mail *at all* I'd say 95%+ of phishing was done by domain spoofing.
The total amount of phishing mail has reduced since then, because it's not suddenly easier to compromise an account than it was previously.
Mail from compromised accounts would typically be authenticated, passing DMARC, *therefore not be ending up in Spam, however.*
Another big step forward would be the large mail providers requiring a DMARC policy of reject to deliver your mail. Not something as weak as p=none as it is at present.
Office365 / Exchange Online is particularly bad for this as they override p=reject with p=oreject and deliver the mail to spam / quarantine regardless.
Mail from compromised accounts is a problem, but nothing in volume compared to spoofed domains.
@@willthecat3861
YouTube censorship seems to dislike something in this reply:
"Legit" mail ending up in spam is usually due to failing DMARC due to poor configuration (as above) or reputation - enough users have reported it as spam to cause the behaviour. Both should be red flags.
@@willthecat3861 YouTube is censoring my technical reply so I'll go with this:
It's actually rare for email to end up in spam for no reason these days.
It's usually misconfiguration (check the header), or reputation - enough users have flagged it as spam to cause the behaviour.
Either way, moving mail from spam to your inbox as a matter of course is a dangerous game.
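An added example, not part of any comment above: a short Python triage of the two header checks commenters describe, a "Reply-To" domain that differs from the "From" domain and the SPF/DKIM/DMARC verdicts recorded by the receiving server. The sample message, every domain in it, and the `trusted_authserv` parameter are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not the email from the video); all domains are placeholders.
# The second Authentication-Results header stands in for one added by the sending
# side, which must not be trusted.
SAMPLE = """\
Authentication-Results: mx.receiver.example;
 spf=pass smtp.mailfrom=brand.example;
 dkim=none;
 dmarc=fail (p=none) header.from=brand.example
Authentication-Results: mx.sender.example; spf=pass; dkim=pass; dmarc=pass
From: "Brand Sponsorships" <partners@brand.example>
Reply-To: partners@brand-sponsorships.example
To: creator@channel.example
Subject: Collaboration offer

Hello!
"""

def domain_of(header_value):
    """Lower-cased domain of the first address in a header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def auth_results(msg, trusted_authserv):
    """SPF/DKIM/DMARC verdicts, read only from headers stamped by our own server."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv_id, _, results = value.partition(";")
        parts = authserv_id.split()
        if not parts or parts[0].lower() != trusted_authserv.lower():
            continue  # anyone upstream can insert this header; ignore foreign ones
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results, re.I):
            verdicts.setdefault(mech.lower(), result.lower())
    return verdicts

def triage(raw, trusted_authserv):
    """Return a list of human-readable warnings for one raw message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    findings = []
    # Exact comparison; a subdomain of the From domain would also be flagged.
    if reply_dom and reply_dom != from_dom:
        findings.append(
            f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    verdicts = auth_results(msg, trusted_authserv)
    for mech in ("spf", "dkim", "dmarc"):
        result = verdicts.get(mech, "missing")
        if result != "pass":
            findings.append(f"{mech} result is {result}")
    return findings

if __name__ == "__main__":
    for line in triage(SAMPLE, "mx.receiver.example"):
        print("WARNING:", line)
```

A clean result only means the visible domain was authenticated; mail from a look-alike domain or a compromised account passes all three checks.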
Thank you for the heads up video!
I used to live in Gran Canaria (Vecindario) in the early 90's. I am sure things have changed quite a bit?
Hi Richard. You stated on your YouTube channel how you like to review products in exchange for freebies. You shouldn't be surprised that someone thought that you were a prime target for a scam.
Scammers will take any information you give out and use it against you. In extreme cases they could use the "cononagrual" in your front window, notice the lady walking by... so street side shop, yada yada .... with location come personal info, and then the phishing email... or the near-by post office suddenly has a "parcel" for you to pick up. Just click here!!! ......
Basically just be wary of EVERYTHING you have in your videos:)
THX for the knowledge btw!!! :)
Hmm well I'm not going to hide who I am and where I am just because there are some nasty people around... Yeah I have seen plenty of those local post office parcel scams, loads from my bank on a mobile number and you would not believe how many times I won a lottery I didn't enter or have been chosen by some widow, prince or priest to receive a lot of money. I usually reply back to those ones and point out that as I am an atheist I am totally unsuitable to take money from them 🤣 Sometimes I ask them which god they are referring to as well, like there is only one or something, when anyone who can use Google will know there are currently several hundred to choose from. So yeah I'm pretty savvy regards scams but this one did come closer than most to fooling me.
Paul Hibbert had his channel hacked this way, as did Linus Tech Tips....
Yeah I knew about Linus Tech Tips, that is in part why I was so suspicious of that pdf.
@@LearnElectronicsRepair Even Sorin got "owned" some time ago.
Gawd, she's hanging out!
Interesting video.
The link to Detlef’s Channel returns an “Isn’t Available” message. I was told that could mean I’m blocked. If so, I don’t know what I may have done to be offensive or disrespectful but I sincerely apologize. Good video
Sorry the link is old. Take the 8128 off the end of the link
Paul Hibbell got hacked in almost exactly the same way. It wrecked him. Glad you caught it before it turned ugly.
I'm not familiar with Paul Hibbell (sorry) what is his channel?
@@LearnElectronicsRepair Paul Hibbert, Hibbert Home Tech, about a year ago, titled "I got hacked & lost EVERYTHING!"
@@massimo2k1le Thanks I'll check him out. Linus Tech Tips also got hit in basically the same way last year.
@@LearnElectronicsRepair My mistake, Hibbert, not Hibbell.
www.youtube.com/@paulhibbert
ruclips.net/video/ry8oY1-aiq8/видео.htmlsi=dll_kn9Z0CfUQXrP
I never use EMail. But then again I don`t use a smart phone either. :)
2:52 OOOOOOFFF! We need to see more of that lol ^_^
Try the full video on Gran Canaria Uncovered 😉
Pt 1 ruclips.net/video/Coh4iKeUsIA/видео.html
Pt 2 ruclips.net/video/btBi8wEAJu8/видео.html
Take care brother
Heya, thanks for the warning and good nothing has happened to your channel
good catch.
There was a reason it went to your junk folder!
To be fair I also get a lot of genuine offers for video sponsorship ending up in my junk folder
9:50 It's Polish not Turkish. The domain is PL.
Good work.
Pass this on to Jim Browning.
Straight away RED FLAG the email was in your junk folder. A company as big as CANON any emails from them would definitely not arrive in junk, that's not how the filters work.
Hopefully the hacker added some useful content 😂
That's probably stolen email address
9:14 first the Polish name, now a Polish email provider. If he isn't trying to fake his identity and is actually Polish, then I'm sincerely sorry for this absolute lowlife of a scammer from my country. Onet is a news website that also lets you have an email just like you said. It's probably a script kiddo being terribly lazy, thinking he can get somewhere with this joke of a scam.
Wow..
I am Turkish. The text on the website is not Turkish; it is a different language.
Thanks. Maybe Polish then
@@LearnElectronicsRepair Yes, the name and the website are Polish.
Why is the video quality so poor?
What a missed opportunity, clearly an African prince (with a camera sideline) who wanted to invest in your channel. As the exe looked fairly exposed, one of the free initial use decompilers may (or may not) have revealed more (if you have a year to spare and a spare PC).
ClamAV !!!
Weird, the name is an anagram. Mozart Speaks I. There’s no way that's coincidental
Interesting...
@@LearnElectronicsRepair ElectronicTheDilettante is also an anagram. That one I believe is probably a coincidence.
Scammer making money for Richard, bet he goes fuming not sharing any with him yeah 😂😂
Three weeks ago the YT channel "Un loco y su tecnología" posted a video about exactly the same case, same email, pdf, etc. The difference is that he got a protected zip file and the corresponding code to unzip it. According to him, protected zip files cannot be scanned by antivirus. The funny thing is that once they got unveiled they apologised in Russian stating "Thanks and sorry for bothering you. Have a nice day!"
I wonder if I will get a reply?
First ❤
Hey, wanted to flag this, I wonder if this is what happened to my other favourite channel, @learnelectronics ??? Anyone know?? It's now down (not available) and all videos flagged as private! (channel link: www.youtube.com/@learnelectronics)
The .pl address says Poland.
Never open your email in the same machine you have your YouTube channel
I actually use a different email address on my channel 'about' tab than the one I use for my Google/Adsense/YouTube account
@@LearnElectronicsRepair this is what you do by default yes 😉
barstewards