What do social media, celebrities and cryptocurrencies have in common? Well, scammers use them to trick people. Social media and the rise of cryptocurrencies have provided another avenue for scammers to steal money from unsuspecting users with no recourse for recovery.
In 2021 alone, US$770 million was reported stolen from users, almost triple the previous year. On the international day of social networks, here are the keys to understanding how scams have evolved on social networks.
Short video formats at the heart of the scam
Consumption of video content has grown exponentially. By the end of 2021, TikTok overtook Google as the most visited site in the world. With this trend, short videos have become one of the preferred formats for deceiving users. Scammers take advantage of stolen videos of celebrities and content creators to run scams. A recent TikTok investigation published by Tenable research engineer Satnam Narang shows how scammers create their own TikTok LIVE broadcasts with stolen images to promote TikTok giveaways, sell dubious products, and drive users to adult dating websites.
Another investigation into YouTube Shorts published by Tenable research engineer Satnam Narang looked at 50 channels that received more than 3.2 billion views across at least 38,200 videos stolen from TikTok. “A user has received over 78 million views on their channel, but if you look at a breakdown of their actual content, it is the videos they did not create that have the highest engagement numbers. There are also a number of YouTube channels that have been created solely as hubs for stolen TikTok content, similarly to earn social currency”, says Satnam.
Fraudsters migrate from platform to platform
We have all heard of those phishing emails from the early days of the internet, in which a Nigerian prince and heir to the throne was in trouble and asked us via email if he could use our account to move millions of dollars. The scam evolved into other areas, including the corporate world, until people learned what phishing is and how to quickly identify a scam.
Today, scams can start on one social media platform and end on another, use third-party users to legitimize the scam, and even use real cryptocurrency buying and selling services like Uniswap. It is almost a rite of passage for a new service or platform when scammers deem it worthy of plying their trade. Although the way these scams operate varies depending on each platform and its unique nuances, the types of scams are all very similar.
Impersonation of famous celebrities
The US$10 million stolen during Elon Musk’s recent appearance on Saturday Night Live is a clear example of how the impersonation of famous celebrities is the cornerstone that enables these scams. The criminals used verified but compromised Twitter accounts to lead users to a third-party website where the real scam took place. If Miley Cyrus tweets about the project it must be real, don’t you think so?
In another Tenable investigation, cybercriminals were identified as exploiting the relationship between Musk and cryptocurrencies to promote a fake $SpaceX coin using video edits of real interviews and fake tweets from Elon Musk the X. third parties that guided them to buy these tokens, taking them to a real decentralized cryptocurrency buy/sell exchange, where users would exchange Ethereum for the alleged $SpaceX coin, but could not sell it again for Ethereum or US Dollar Coin (USDC). Satnam identified the theft of at least nearly another $1 million.
Opportunity is the fuel that ignites the user
The scams have another thing in common: there is always an opportunity to double the money invested or receive free gifts. Whether it is being the first to apply for the free gift or investing in a new project, the excitement of the opportunity is the fuel that ignites user interest. Many times, scammers also rely on urgency to try to pressure users into this space.
Another piece of research by Satnam identified how scammers warn of potential scams and then conveniently close comments or replies to tweets to avoid detection, making the Twitter scams appear legitimate and enticing users to fall for them. “Today the current scams in social media are complex: they involve multiple interactions on different platforms. However, impersonation of people or brands is used to build trust, and when combined with an ‘opportunity’ seems to be the successful combination that scammers have found to close the deal”, says Satnam Narang.
Known for his contributions to the Anti-Phishing Working Group, the National Cyber Security Alliance, and for being the first researcher to report Tinder bot scams, Satnam recommended the following actions to avoid falling victim to online social media scams:
• Be skeptical, that is, doubt first and then act, even if it is just a matter of following a user, giving a “like” to a video or commenting.
• Be attentive to the quality of the videos and their source. It has been identified that, for the most part, the videos coming from the scammers are of low quality. This may be because they are illegally ripped or stolen from social media.
• Visit the profile and check the videos of the user. If the user does not have associated videos, or maybe has videos of other types of unrelated content, it is definitely a wake-up call.
• Mass tagging on tweets is a red flag. If you are proactively tagged in a tweet, you should be very suspicious of the motivations behind it, even if it comes from a verified Twitter account.
• If you are directed to a site, find another verification source to confirm its accuracy. Do not share sensitive information, register on the website or purchase products before searching the original website and comparing the links shared on the social network with those on the official website. In the case of cryptocurrency scams, do not blindly connect your cryptocurrency wallets to untrustworthy websites.
• Take advantage of the existing functionality on the different platforms to report these channels when in doubt. This will help identify these scams and prevent other users from being scammed.
“If there is one thing for sure about social media scams, it is that scammers are determined to find creative ways to trick users”, Satnam concluded.