A scam that struck the fans of YouTube influencers, who offer lucky fans free gifts from their favorite stars, was much longer than initially thought. Last week, reports of the fraudulent scheme were published in which YouTube influencers such as Philip DeFranco, Jeffree Star and Bhad Bhabie are impersonated by scam artists who seek to cash their fame.
DeFranco mentions the scam in a YouTube video, warns subscribers that “if you have received a message from me or from any other creator who looks like something while the campaign appeared to be quite researchers believe it could have been in operation since 2016.
RiskIQ researcher Yonathan Klijnsma published on Wednesday a blog post that examined the fraud in detail. The first question you might ask is how the impersonators use the name of a high profile influencer? The answer is how YouTube manages accounts, as the channel name can differ from the actual account name.
Once an account has been set up with a fake name and the same avatar as the high-profile YouTuber, the people behind the scam can send friend requests to fans en masse. Once they have been accepted, they can send direct messages. As shown in the image below, the fraudster does not need to create any content that appears legitimate, as requests from friends do not contain channel snapshots or information beyond the spoofed name of YouTuber.
RiskIQ “This kind of impersonation works very well to send messages to other users within YouTube: friendly users, “says Klijnsma. The platform also displays the unpersonalized name under the message to further the apparent legitimacy of the message. The fraudsters then place the bait in the form of a free gift promise and often provide an external link in a reduced or bit.ly format. They are transported to a malicious website controlled by the scam artist when a victim clicks the link.
In one example, a website that impersonates Apple, iPhoneXfree.net, promises the user a free iPhone X-but they must first go through a “selection process.” The name, e-mail address, physical address and country of the victim must be submitted before the visitor can claim their “gift.” There is a catch, however: only a little more information is needed. That’s how scam artists benefit from their scam in YouTube. The victim is asked to click on a “check “button to complete surveys.”
These scams are profitable for their operators, who monetize their campaigns by adding referral clicks to online surveys of organizations that give them kickbacks, “notes Klijnsma.” The bar is incredibly low for criminals to start this type of scam; they have their top accounts on YouTube and can impersonate these content creators en masse.”
Other scams uncovered by the researcher offer free cards, and some may redirect users to different fraudulent websites depending on where they are located. RiskIQ says that submission of the survey is the goal in all cases. Unfortunately, many fans of YouTube influencers seem to have fallen for the scheme-at least until a fake website is visited.
Klijnsma tracked a selection of Bit.ly links sent fraudulently to fans and how often they were visited, and although the information below is only from a small fraction of the campaign and only relates to a handful of those impersonated, thousands of links were clicked. In addition to direct messages, scammers also used counterfeit accounts to promote albums and videos to attract potential victims to click on these malicious links.
RiskIQ says that the fraudsters have actually been running a wider campaign for a number of years, far from being a new scam. A lack of security has frequently allowed researchers to pillage the servers of the threat groups to find information about their activities.
Also known as Instagram, Nintendo, Snapchat, Twitter, Fortnite, Kylie Jenner and Nike, among many others. ”
For example, when we visited the iPhoneXfree.net domain index that served the fake rewards page used on the YouTube impersonation scam subpages, we were presented with all server content, “Klijnsma explained. ” Best part? We see the exact timestamps when they first started to use the server behind this domain, which has several domains that point to it. Very clearly, we see that around 18 September 2017 they started using this server.’
Another domain connected to the scam, bootstraplugin.com, is associated with another 300 malicious domains. This domain was registered on 17 January 2016, marked by the researchers as the earliest available indicator of the initiation of the wider scam campaign. ”
LIVE. Massive YouTube Scams, Zoella and Rita Ora Under Fire, Venezuela Uprising, Debt Shame App, & More… https://t.co/gD7B0yhF0p
— Philip DeFranco (@PhillyD) January 23, 2019
The current impersonation campaign on YouTuber is only one of the latest tricks used to drive traffic. Over the years, they have also used many other tactics, claiming innumerable victims on the way, “says Klijnsma. YouTube said when the scam was originally warned: