Sembit Imposter: Don't be Tricked!
by Shaun Davidson • 3 min read
Last November, a mid-sized tech company in California called us, wanting to discuss a port of their technology to the .NET platform. It seemed like a good fit, and I talked with this person (we'll call them "Bob") for an hour or so about the project. Towards the end, like I always do, I asked how they found us. Bob said, "oh, Sophie reached out via email".
Only problem is, nobody named Sophie has ever worked at Sembit...
At first, I assumed I just heard wrong, or they remembered the name wrong, and I made a mental note to figure out who it actually was. Eventually, though, we figured out that no - somebody had emailed Bob, claiming to be a Sembit employee. After we arrived at this conclusion, Bob forwarded me the email, and here it is:
Hi Bob, hope you are well.
Are you looking for .NET development services?
We are a team of experienced .NET developers delivering seamless solutions for businesses. Our deep understanding of the .NET framework enables custom web apps, software integrations, and performance optimizations.
If you already have a team working on your software project, but you want to make sure the project succeeds, we offer a Check-Up service as well.
I'd appreciate the opportunity to connect and discuss how we can collaborate.
Please let me know if we can schedule a call this week to discuss.
Regards,
Sophie Gordon | Sembit
p.s. If you don't wish to hear from us, please let us know.
This email came from sophie@sembit.net. It was pretty clear that someone was out there impersonating us, trying to skim off our reputation. Thankfully, Bob had searched for the Sembit name instead of responding to the email. But how many other people just hit "reply" and were talking to a "Sembit" employee named "Sophie"? It was time to do a little digging!
There was no website when you hit the bare URL, but using a few tools I was able to find that they DID have a landing page, and a contact form, among other pages. They were using language we had used in the previous year on our Clutch company profile. We've been highly ranked on Clutch for our region (Oregon), a few of our techology focuses (.NET, Flutter, etc), and we think they just went through those "top software developer" lists and impersonated firms, setting up fake contact pages to pretend to be them. I'm guessing there are other companies out there being impersonated as well.
I spent some time looking at other pages on sembit.net. Their site looked like a fork of our earlier site, complete with some text ripped off from an article we used to have online. The format and look and feel was completely different; it was a generic WordPress template of some kind. For fun I setup a fake Gmail account (Jeremy somebody as I recall), and reached out to "Sophie" directly via email. I also filled in their contact form, asking for more information about their services. I didn't lie, but I wasn't forthcoming about why I wanted to know more.
They never responded, and within a week the entire site was offline. When I went to write this article months later, I used the Wayback Machine to confirm - it hasn't come back online since. The trail is cold, and we'll never know more. I do wonder if this is a partially automated process - maybe they're using AI to rewrite content published by other firms, and trying to use their reputation to get work for less established software development teams. Or maybe this is an even more advanced scam, and isn't about building software at all. Regardless, it was pretty eye-opening for it to happen to us.
It's Halloween this month, so I think the moral of the story is clear: make sure you're interacting with real people, not online ghosts!
