Specialists at RiskIQ have described fraudsters who pretend to be popular YouTubers (including Philip DeFranco, Jeffree Star and Bhad Bhabie) and lure victims to malicious sites with fake polls. And although the fraudsters are undoubtedly skilled at social engineering, according to the experts they definitely cannot boast of technical knowledge.
The researchers explain that the main problem in this case lies rather with YouTube: the site allows attackers to easily forge the profile of any existing user and send dangerous spam. The account name may differ from the name visible to channel visitors, and a friend request can be sent to any user of the platform (once the request is accepted, a personal message can be sent to that person).
This is what attackers use to create “clones” of these popular channels and send spam on behalf of these profiles. Examples of such messages can be seen below.
As you can see, in all cases the victim is invited to follow a short link (bit.ly is most often used to shorten the URL) and take part in a prize draw. As a result, the victim lands on a site offering a chance to take part in a draw for an iPhone (the addresses of the fraudulent sites include, for example, iPhoneXfree [.] net and GetiPhoneXhere [.] com) or gift certificates.
If the user is not alarmed by this, they are asked to provide information about themselves, including name, address, country of residence and email. It would seem that all that remains is to verify this data, but at this point the attack moves into its main phase, the one that brings the criminals money: the user is asked to follow a referral link and complete one of the proposed surveys. The attackers' income comes from people's personal data and from clicks on the referral links, since the scammers are paid for each visitor.
The experts say that the scammers behind these campaigns are clearly not accustomed to disguising their operations. A simple visit to iPhoneXfree [.] net allowed the experts to find out how long this server has been used for such activity. Another site, bootstraplugin [.] com, helped them discover about 300 other domains that the criminals have been using since 2016.
The experts also managed to track the statistics for the Bitly links used by the fraudsters. Some of them had been followed thousands of times.