Influencers and content creators on YouTube are big business, commanding millions in branding deals and attracting legions of devoted fans. It was just a matter of time before a fraudster had the bright idea to get in on the action with a YouTube scam. Recently, this has taken the form of a good old fashioned phishing scam.
Uncovered by popular YouTuber Philip DeFranco, who boasts over 6 million subscribers, the scammers claim to be the content creators themselves. The scammer reaches out to a potential victim, promising special prizes in exchange for a few personal details.
While phishing scams are nothing new, using YouTube as a platform and masquerading as the influencers themselves is a new twist.
What is the Scam and How Does it Work?
Philip DeFranco, a YouTuber who covers news, gossip and entertainment on his channel, uncovered the scam in a video entitled ‘Massive YouTube Scams‘ last week, having been affected by it directly.
The scammer sends messages to anyone who has commented on a popular video, claiming to be the creator themselves. DeFranco highlighted examples where messages appeared to have come from him directly. But, they've also been sent ‘from' other big YouTube stars, such as make-up expert James Charles, who is so popular he managed to bring a UK city to a standstill last week.
The messages are all similar, thanking the commentator for their message, and stating, “I'm selecting random subscriber from my subscriber list for gift and you have just won it!”, followed by a link to a site for a giveaway for expensive products like iPhones. Once the user tries to claim their prize, they are asked for personal data, which is the jackpot for fraudsters.
According to posts on YouTube's own community pages, over 400 people have fallen for the scam so far. As those are just the ones who have reported the problem directly to YouTube. It's safe to assume there are many more.
YouTube's Response to the Scam
YouTube has been referring journalist queries to its support pages, where a thread on the issue has blown up, with plenty of people posting that they have been affected by the scam.
“We’re aware and in the process of implementing additional measures to fight impersonation. In the meantime, we’ve removed accounts identified as spam. You can also block any account that is spamming you. And you can report the channel via the Reporting Tool (best option is impersonation). Really appreciate you reporting spam in our messaging feature!” – Team YouTube
As well as suggesting that users block these fraudulent accounts, and report them, it also states that those have been revealed as imposter accounts have been removed from the service.
How To Avoid Phishing Scams
Phishing scams can come in many forms, whether it's an email, phone call, text or even a message on YouTube, as we've seen. There are some simple rules to follow to make sure you don't get suckered in.
- Be wary of unsolicited contact – Ask yourself why somebody would be contacting you out of the blue, especially if they are offering you a prize or financial gift. Always remember the old adage, “If it seems too good to be true, it probably is”.
- Don't click on strange links – No matter what is being offered, refrain from clicking on strange links. Even if the link appears genuine, visit the company website independently in a new window to be sure. Scam URLs tend to look similar to the real deal, but have slight differences, like “Paypail.com” or “Bankoff-America”.
- Don't give away personal details – It's a common trick to lure victims in with the promise of a high value item, and then ask for some details to process it. It can be all too easy to give away your address, phone number and even bank details without thinking. Apply the brakes and don't give your data away to an unknown.
- Time is on your side – Scammers don't like to give you too much time to think. We make bad decisions when we're under pressure, and it's common to be told that the offer is time-limited. Don't fall for it. No genuine company would pressure you into making a decision on the spot.
- Check they are who they say they are – A lot of scammers impersonate establishments like your bank. This gives them an air of authority, but be careful about who you speak to. Ask for their details, and a reference number, and say you'll phone/email them back. Don't accept any phone number or email address they give you – check for the company's head office on Google and contact them that way.
- Check the spelling and grammar – It's a common theme of scam messages that their English is terrible. Official communications from companies are carefully composed and edited – be cautious of sloppy spelling and grammar.
- Be careful with your password – If you inadvertently fall for a scammer and give away your password details, act fast. Plenty of us re-use the same passwords on multiple sites, and if a scammer gets a password and email address combo off you, they can quickly try them on multiple sites to get a hit. Our advice? Use a password manager to create strong, unique passwords for every service you use. We round up some of the best in our table below:
Best Password Managers to Choose:
Scroll horizontally to view full table on mobile devices
|Local Storage Option||✓||✓||x||✓|
|Password Generator Function||✓||✓||✓||✓|
|Live Chat Support||x||✓||x||x|
|Ease of Setup||★★★★★||★★★★★||★★★★★||★★★★★|
|Help & Support||★★★☆☆||★★★★☆||★★★☆☆||★★★☆☆|
|Value for Money||★★★★★||★★★★☆||★★★★☆||★★★★☆|
|Cost per year||$36||$60||$24||$30|
|Discounts Available||See Deals||See Deals||See Deals||See Deals|
Tech.co is reader-supported. If you make a purchase through the links on our site, we may earn a commission from the retailers of the products we have reviewed. This helps Tech.co to provide free advice and reviews for our readers. It has no additional cost to you, and never affects the editorial independence of our reviews.