SMS spammers trick users by hiding links in YouTube videos

BANGALORE, INDIA: Most spammers make their money through scams, phishing campaigns, or affiliate programs. In affiliate programs, the affiliate can earn revenue by directing users to join another business’ website. Spammers do this by sharing links through different channels, such as SMS messages and emails, and tricking people into registering to the website.

But SMS spammers recently have started looking for new ways to bypass URL filters. The SMS message-size limitation doesn’t give much room for spammers to create complex or creative obfuscations. Along with this, if the phone doesn’t recognize the URL in the message, it does not make the link directly clickable, potentially reducing the number of visitors to the site.

For this reason, SMS spammers have relied on shortened links, free hosting services, and newly registered domains in order to hide and deliver their attacks. But SMS spam filter technology has evolved accordingly and can successfully block these threats.

Hiding spam links in YouTube videos

Over the last week, Symantec has discovered SMS spammers’ new trick to hide adult spam links in text messages and make them look like legit SMS traffic.

Instead of including a typical affiliate link in the messages, the attackers added the link to a YouTube video along with the following message:

“Hey there Im assuming ? Im Alexis.. heres a video

to show I'm the same girl in the pic on there”

If the user visits the link, they will be directed to a YouTube video of a woman asking the viewer to “get verified” before she agrees to meet them.

If the user visits the link included in the video to “get verified,” they will instead be directed to an adult website’s registration page. The site asks for the user’s credit card number and charges their card if they go through with the registration process.

The spammers targeted users of a classifieds website by creating fake dating ads. Through these ads, the spammers continuously mined phone numbers and email addresses for their future campaigns. Other adult-themed scammers have used this strategy before to obtain targets.

Don’t be fooled by SMS spam

While this technique has been used before in emails, it is novel in the SMS field. With the rise in popularity of mobile dating apps, we believe that more spammers may target mobile platforms with these types of campaigns.

Users should adhere to the following best practices if they want to avoid falling for dating scams:

· Exercise caution when receiving unsolicited, unexpected, or suspicious emails and SMS messages.

· Avoid visiting links in unsolicited, unexpected, or suspicious emails. Users should particularly be wary of messages that obfuscate the link in some way, as the sender may be trying to circumvent URL filters.

· Report scam videos on YouTube to get them removed from the site.