Scammers earn huge by conducting fake surveys on YouTube and other social media platforms. These scammers trick users into taking up the survey by claiming to offer exciting prizes and target their personal informaiton. However, these scammers lack technical skills in order to protect their infrastructure.
Researchers from RiskIQ revealed that such scammers fail to protect their infrastructure, leaving their servers open, thus allowing researchers to access all the contents of the servers.
Snooping into the fake survey domains
Researchers visited the index of one of the domains used for conducting fake surveys and found that the host server was long used for running fake surveys.
“RiskIQ threat researcher Yonathan Klijnsma says that his company has kept an eye on a fake survey campaign currently running on YouTube since 2016, although news outlets started publicizing it only recently,” BleepingComputer reported.
Tricking victims using avatars of popular YouTubers
YouTube allows it users to associate their username with a different account name. However, when sending a private message or public message to other users, the receiver sees only the username and the avatar and not the account name.
Scammers on YouTube take advantage of this to trick users with their fake profiles. They add legitimacy to their profile by creating fake profile with username and avatar of popular YouTubers. These scammers also promise exciting prizes thereby tempting users to click on their survey links.
Yonathan Klijnsma, threat researcher at RiskIQ detailed the various steps of such survey scams which are as follows.
By collecting users personal information, these scammers can sell the collected information and make money. These scammers can even start another phishing campaign with the collected personal information. However, researchers noted that by running such fake survey campaigns, these scammers earn a huge amount.