A desperate YouTube moderator scam spam

Full marks for inventiveness.

Youtube scam

If you have a YouTube channel, and have had your fill of sifting through the vile torrent of abusive comments left on your video masterpieces, you can invite other people to moderate them.

It’s a simple process that requires you just to enter the URL of another YouTube channel - and a message will automagically be sent to its owner.

So far, so harmless.

But it turns out that it’s a feature that can be exploited by spammers and scammers. Spammers want to get their unwanted messages into your email inbox, but as anti-spam filters have improved their chances of getting your eyeballs on their messages have reduced over the years.

This inventive spammer has used the “Add comment moderator” feature of YouTube to send me a scam message, claiming that I have “win” (sic) an Apple iPhone X.

Youtube scam email

Hey Graham Cluley,

Lucky you! Have Win Apple iPhone X Get it From : - [URL] has made you a moderator on their channel. As a moderator, you can now remove unwanted comments from videos posted on that channel. Comments you remove will be sent to the creator for their review.

How did they get their spam message injected into YouTube’s standard “you’ve been added as a moderator” email? After all, the email really *does* come from YouTube (making it unlikely to be blocked by spam filters) and it *does* point to a YouTube channel.

It’s simple. The spammer called their channel the rather ungainly “Have Win Apple iPhone X Get it From”, and then included the URL they want their intended victim to click on. All in the actual name of the channel!

Meanwhile the “t.co” link will send you, via Twitter’s URL shortening service, to a third-party site that definitely isn’t friendly. It may be designed to steal your personal information, trick you into signing up for a bogus competition, lead to a webpage harbouring malware, or simply try to sell you something you’re not interested in.

Yes, it’s inventive. But it’s also really rather desperate. The fact that spammers are having to use crazy tricks like this to improve their chances of having their scammy messages seen by humans warms the cockles of my heart.

Oh, and yes, YouTube has now removed the offending channel.

If you receive similar messages, report them and the channel to YouTube so the user can be banned.

Tags: , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episodes:

, , ,

No comments yet.

Leave a Reply