Uncovered by popular YouTuber Philip DeFranco, who boasts over 6 million subscribers, the scammers claim to be the content creators themselves. The scammer reaches out to a potential victim, promising special prizes in exchange for a few personal details. While phishing scams are nothing new, using YouTube as a platform and masquerading as the influencers themselves is a new twist.
What is the Scam and How Does it Work?
Philip DeFranco, a YouTuber who covers news, gossip and entertainment on his channel, uncovered the scam in a video entitled ‘Massive YouTube Scams‘ last week, having been affected by it directly.
The scammer sends messages to anyone who has commented on a popular video, claiming to be the creator themselves. DeFranco highlighted examples where messages appeared to have come from him directly. But, they’ve also been sent ‘from’ other big YouTube stars, such as make-up expert James Charles, who is so popular he managed to bring a UK city to a standstill last week. The messages are all similar, thanking the commentator for their message, and stating, “I’m selecting random subscriber from my subscriber list for gift and you have just won it!”, followed by a link to a site for a giveaway for expensive products like iPhones. Once the user tries to claim their prize, they are asked for personal data, which is the jackpot for fraudsters. According to posts on YouTube’s own community pages, over 400 people have fallen for the scam so far. As those are just the ones who have reported the problem directly to YouTube. It’s safe to assume there are many more.
YouTube’s Response to the Scam
YouTube has been referring journalist queries to its support pages, where a thread on the issue has blown up, with plenty of people posting that they have been affected by the scam. As well as suggesting that users block these fraudulent accounts, and report them, it also states that those have been revealed as imposter accounts have been removed from the service.
How To Avoid Phishing Scams
Phishing scams can come in many forms, whether it’s an email, phone call, text or even a message on YouTube, as we’ve seen. There are some simple rules to follow to make sure you don’t get suckered in.
Be wary of unsolicited contact – Ask yourself why somebody would be contacting you out of the blue, especially if they are offering you a prize or financial gift. Always remember the old adage, “If it seems too good to be true, it probably is”.Don’t click on strange links – No matter what is being offered, refrain from clicking on strange links. Even if the link appears genuine, visit the company website independently in a new window to be sure. Scam URLs tend to look similar to the real deal, but have slight differences, like “Paypail.com” or “Bankoff-America”.Don’t give away personal details – It’s a common trick to lure victims in with the promise of a high value item, and then ask for some details to process it. It can be all too easy to give away your address, phone number and even bank details without thinking. Apply the brakes and don’t give your data away to an unknown.Time is on your side – Scammers don’t like to give you too much time to think. We make bad decisions when we’re under pressure, and it’s common to be told that the offer is time-limited. Don’t fall for it. No genuine company would pressure you into making a decision on the spot.Check they are who they say they are – A lot of scammers impersonate establishments like your bank. This gives them an air of authority, but be careful about who you speak to. Ask for their details, and a reference number, and say you’ll phone/email them back. Don’t accept any phone number or email address they give you – check for the company’s head office on Google and contact them that way.Check the spelling and grammar – It’s a common theme of scam messages that their English is terrible. Official communications from companies are carefully composed and edited – be cautious of sloppy spelling and grammar.Be careful with your password – If you inadvertently fall for a scammer and give away your password details, act fast. Plenty of us re-use the same passwords on multiple sites, and if a scammer gets a password and email address combo off you, they can quickly try them on multiple sites to get a hit. Our advice? Use a password manager to create strong, unique passwords for every service you use. We round up some of the best in our table below:
