Fraud Alert: Beware! YouTube Is the New, Popular Playground for Scammers
Everybody loves watching videos. You click on an exciting video shared by someone or find it on YouTube. The video seems legitimate, featuring a well-known personality and good production quality. You think, why not watch and check it out? However, the video could include a link that leads to a malicious webpage which may download and install malware on your device.
 
How could this happen, you may wonder. The webpage looks well-designed, has no spelling errors, the displays are perfect and everything appears as it should on a legitimate business portal. There are no obvious warning signs, either. And yet, you may end up losing personal and private data or your hard-earned money to this sophisticated-looking portal. So, is there a way to protect yourself from this fraud? Yes, if you are vigilant and remain cautious while going through such situations. 
 
As I keep saying, technological advancements are used to the hilt by fraudsters to improve their scamming tactics and find new ways to deceive users. One of the best examples of this exploitation is an alarming increase in deepfake scams.
 
Enhanced 5G availability and performance, coupled with the availability of a wide range of affordable devices and the introduction of new data-intensive apps and services, has led to higher data consumption for all users. 
 
Almost everyone seems to be glued to their mobile screen, watching videos and reels or reading and responding to social media messages. More people are using YouTube for videos and shorts and Instagram for reels. There are 2.5bn (billion) or 250 crore users of YouTube, which, according to security experts, is being exploited by cyber-attackers.
 
YouTube, where billions of eyes scan through endless streams of content, is the home of new and insidious cyber threats–particularly phishing and malware.
 
Security services provider Avast says, "The combination of automated advertising systems and user-generated content provides a gateway for cybercriminals to bypass conventional security measures, making YouTube a potent channel for deploying phishing and malware. Notable threats on the platform include credential stealers like Lumma and Redline, phishing and scam landing pages, and malicious software disguised as legitimate software or updates. Additionally, YouTube serves as a conduit to traffic distribution systems (TDS), directing users to malicious sites and supporting scams ranging from fake giveaways to investment schemes."
 
The rise of deepfake videos on YouTube poses significant risks by realistically mimicking people or events, misleading viewers, and spreading disinformation. "In the first quarter (Q1) of 2024, we observed multiple compromised YouTube accounts with more than 50mn (million) subscribers hijacked to spread crypto scam deepfake videos.” 
 
Avast says threat actors frequently utilise automated uploads and search engine optimisation (SEO) poisoning to enhance the visibility of harmful content. "Additionally, fake comments are rampant, deceiving viewers, promoting dangerous links, and exploiting YouTube's algorithms and user engagement to disseminate cyber threats."
 
Some key methods used by cyber-attackers to exploit the YouTube platform include malvertising (embedding malicious code in advertisements, which can then infect viewers' devices when the ads are displayed), phishing and scam promotion, and creating botnets (networks of infected devices) to launch automated attacks.
 
Fraudsters not only deceive users but also exploit content creators by hijacking their accounts or through fake sponsorship. Cyber-attackers hijack the YouTube accounts of popular creators by using phishing emails that trick them into revealing their login credentials. Once they gain access, they can change the content, post malicious links, or use the account to distribute malware. 
 
Posing as legitimate companies offering sponsorship deals to content creators, fraudsters send sponsorship proposals. When the creator agrees, he/she is sent files or links from these fraudsters purportedly containing sponsorship details but actually with malware.
 
You may often wonder how a particular video appears so regularly on YouTube under 'what next' or 'you may want to watch this too'. The reason is simple. YouTube's algorithm throws up videos similar to the content or personality you have just watched. 
 
In some cases, cyber attackers could optimise malicious videos to appear in search results and recommendations. They also use trending keywords and tags to attract a larger audience. By artificially inflating engagement metrics (views, likes, comments), attackers can manipulate YouTube's recommendation algorithms to promote their malicious content.
 
On YouTube, cyber-attackers add advertisement links in the video descriptions, leading to websites providing downloading services. While the users may assume they are downloading a legitimate piece of software or viewing a benign webpage, their device gets infected with malware.
 
Adding to the complexity, the use of deepfakes on YouTube is rising, Avast points out. "Scammers use this tech to create convincing fake videos that mimic real people, making fraudulent content more believable and difficult to identify as fake. If you see a celebrity endorsement that looks off-brand to them or a well-known person making a claim, investigate before believing it. Most endorsements will appear in the sponsored person's social media accounts."
 
Deepfake videos are created by hijacking official videos from events and using artificial intelligence (AI) tools to manipulate audio synchronisation. These videos seamlessly blend altered audio with existing visuals, making it harder for the untrained eye to tell they are anything but authentic. Moreover, scammers insert QR codes, leading to well-designed web pages that promise exclusive opportunities and lure victims into further engagement.
 
According to Avast, the most significant crypto-currency scam incident of the quarter was the misuse of the Starship Integrated Flight Test 3 (IFT-3). The attackers used the official SpaceX All Hands meeting video to deceive viewers and get them to visit the fraudulent websites. Moreover, the attackers have hijacked several YouTube channels, which have tens of millions of subscribers, to increase the probability of displaying a fake video in the list of recommended videos.
 
 
"The preliminary analysis indicates that specific attackers' wallets associated with these scams' campaigns have cashflows reaching tens of thousands of dollars," it added.
 
To combat these threats, YouTube continuously improves its security measures, such as enhancing ad review processes, employing advanced machine learning algorithms to detect suspicious activities, and providing educational resources to help users recognise and avoid scams. However, the dynamic nature of cyber threats requires ongoing vigilance from both the platform and its users.
 
This brings us to the most crucial question: How can an individual protect from these new frauds spreading fast through YouTube? 
 
Remember, cybercriminals are always looking for opportunities to exploit the weakest links online. YouTube is just one of the many platforms they use to dupe people.  
 
Here are a few suggestions to save you from online frauds, especially those spreading through YouTube...
 
1. Never open any link shared by anyone. If you really need to visit that page or watch that particular video, go directly to a platform like YouTube and search for the video. Do not search for the video on any search engine. 
 
2. Do not click on links in the video description on YouTube to download any software or app.
 
3. If you receive any mail or message about collaborations and sponsorship, always verify the authenticity before responding. Do visit the authentic portal of the entity and find out all the details about collaborations and sponsorships they offer. 
 
4. Stay alert and informed about new scams. 
 
Stay Alert, Stay Safe!
Comments
ArrayArray
Free Helpline
Legal Credit
Feedback