Survey scammers on YouTube target users’ personal information

• Scammers run fake surveys on YouTube claiming to offer exciting prizes for survey winners thereby tricking the users to take up the survey.
• However, these scammers lack technical skills to protect their server as revealed by the security researchers who looked into the matter.

Scammers earn huge by conducting fake surveys on YouTube and other social media platforms. These scammers trick users into taking up the survey by claiming to offer exciting prizes and target their personal informaiton. However, these scammers lack technical skills in order to protect their infrastructure.

Researchers from RiskIQ revealed that such scammers fail to protect their infrastructure, leaving their servers open, thus allowing researchers to access all the contents of the servers.

Snooping into the fake survey domains

Researchers visited the index of one of the domains used for conducting fake surveys and found that the host server was long used for running fake surveys.

• Researchers noted that in one instance, the host server hosted multiple domains and such fake survey activities began around September 18, 2017.
• In another instance, researchers observed that one domain (bootstraplugin[.]com) was associated with hundreds of other domains carrying out the fake survey activity. This domain’s registration dated back to 17 January 2016.

“RiskIQ threat researcher Yonathan Klijnsma says that his company has kept an eye on a fake survey campaign currently running on YouTube since 2016, although news outlets started publicizing it only recently,” BleepingComputer reported.

Tricking victims using avatars of popular YouTubers

YouTube allows it users to associate their username with a different account name. However, when sending a private message or public message to other users, the receiver sees only the username and the avatar and not the account name.

Scammers on YouTube take advantage of this to trick users with their fake profiles. They add legitimacy to their profile by creating fake profile with username and avatar of popular YouTubers. These scammers also promise exciting prizes thereby tempting users to click on their survey links.

Yonathan Klijnsma, threat researcher at RiskIQ detailed the various steps of such survey scams which are as follows.

• Once the victims click on the survey link, they will be redirected to several shortlinks in order to complete the survey.
• Once the survey is completed by the victims, they will be offered exciting prizes such as iPhones thereby showing a fake Apple page.
• The fake phishing page will have a CTA button such as ‘Get It Now’.
• Upon clicking on the link, victims will be redirected to another page where they will be asked to provide their personal information such as names, email addresses, phone numbers, addressess, country etc.
• After providing the details, victims are presented with a message stating they are selected as winners.

By collecting users personal information, these scammers can sell the collected information and make money. These scammers can even start another phishing campaign with the collected personal information. However, researchers noted that by running such fake survey campaigns, these scammers earn a huge amount.