Youtube phishing bot "wanna be friends" - Will it hack you??

Stuff that does not fit elsewhere and generic / global news

Youtube phishing bot "wanna be friends" - Will it hack you??

Postby Sethioz » Fri May 22, 2020 6:15 pm

"wanna be friends?" I'm sure lot of you have already heard about those spam bots that spam comments like "wanna be youtube friends" or just "wanna be friends" ..etc.

I can't be bothered making a video on this nonsense, so instead I leave some info about this matter here.
I saw some of those nonsense videos made by those dumb youtubers, who claim that if you reply to one of those bot comments, then you get hacked. .. just FACEPALM 1000x. I can't even begin to tell you how stupid that sounds!

You do not get hacked by replying to a simple bot comment, it's just that nowday people have reached a very high level of stupidity and have no idea how computers work. Do you honestly believe that youtube has vulnerability that allows you to hack someone via comments?

Before I go on, I'd like to mention that in past I have been involved in some phishing and hacking projects myself. If you want to know more about what I've been up to in the past, then you can read about it on my Forum. Also I have a secondary channel, which is focused on computer science, such as debugging, password cracking, reverse engineering, game hacking ..etc
So I know how those scams / phishing tricks work and I can tell you for 100%, you DO NOT get "hacked" when you reply to a simple comment.

Do those fools even think what is coming out of their mouth? so if you could hack someone via comments, why aren't they afraid that someone else might hack them via comments? If what they say is true, why they even comment at all? According to them, replying to any comment can potentially get you hacked, right?

Don't believe all this nonsense that dumb youtubers and their followers make up. They have lot of subs, but no brain. They only know how to scream into the mic and how to act like a total clown, but have no actual knowledge about how computers actually work.

I haven't done any research on those bots, but I know the general idea behind how those tricks work. So if you reply to one of those bots commenting "wanna be friends" with anything positive, then most likely the person behind it, will get a notification regarding potential legit replies, so he will engage with them himself, so it doesn't seem like a bot anymore. Then he will promise that he can get your channel to grow a lot in very short period of time, which is most likely true, because the main channel associated with this scam (Logan) gained a lot of views and subs in very short period of time and he claims that he can help others grow just as fast. That part is somewhat true, because you CAN fool the youtube algorithm and make your channel grow a lot. Lot of top channels have done it, but it's never free. Main idea is that you need MANY accounts, for example some Chinese companies actually run a business on boosting social media accounts, they have thousands of phones in their disposal that use legit accounts, but are remotely controlled (zombie devices), those devices can be used to engage the certain channel / account. Youtube can't ban them, because they are actually manually made legit accounts. So they all talk about your video or channel and sooner or later actual people will start engaging with this too. SmarterEveryDay made a good video about youtube algorithms and how people fool that, he even went to youtube offices and spoke to some of them personally about it. Look it up and you see what I mean, he explained it down to detail how some companies run those bots and how it can actually help grow the channel, but if you think any of them gives it out for free .. you're a fool! They either sell it as service or boost their own accounts, nobody is dumb enough to give away their own golden goose.

And that's where youtubers get greedy and only see $$$$$. Logan (behind those spam bots) most likely put together a similar system and he won't target or engage with small channels where there's nothing to gain, he most likely targets only bigger channels, but the ones who fall for it, are most likely channels with like 1000 - 100k subs. So he will trick them to give them some kind of access. He most likely says that you need to run some software or go to some website and sign-up and link your channel. Something that will give him partial or full access to your PC or channel and this is how they got "hacked". They did not get hacked, they got phished. And then he uses their accounts to run further phishing scams or he might blackmail channel owners and tell them to pay to get their channel back.

I really hate it when people misuse the word "hacker". A hacker is very intelligent and smart person, who uses computer knowledge to bypass security or completely disable it by finding a vulnerability and then exploiting it. If there would be a way to hack youtube, I'm sure someone would have found it by now. There are thousands of people every day who scan entire youtube and thousands of other websites for possible exploits. So if it was possible, then ALL youtube accounts would be at risk, this would give the hacker free hands to hack any account on his choice, but this did not happen .. therefore this bot legend is just fake news made up by idiots.
It was just a typical phishing scam, where phisher / scammer gains access to victim's computer or account because victim GIVES IT to the scammer.

All phishing scams follow same generic idea, they try and get you to GIVE them access without you realizing. That can include clicking on a link in email, which looks like legit, such as youtube.com, but in email, you can use html code and embed another link into it (hyperlink), for example the site it actually goes to, can be sub-domain made to look like youtube, such as "youtube.suport.com" or like "youtube.supp0rt.com". Most people don't even understand that in that case, youtube is just a subdomain, for example I can setup a sub-domain on my domain called "youtube.sethioz.com". Then they use that link to make it look like real youtube website, it's quite easy if you know basic html and css. So they send you to that website, saying it's some hidden youtube feature, it all looks legit (apart from the link) and most people simply won't notice it .. and there goes your details.

In fact if you're smart and know what you're doing, you can make it act as proxy website and make it even pull real details from real youtube, so your website is in middle, acting like proxy. if you enter your login, it also logs you into real youtube and pulls your info from there, so if you don't check the link, you have no idea that you're on fake website that steals your info. Such scams have been around ever since internet was invented. It's very easy to fool dumb people to click on such things. Such scam was ran in UK about 6-7 years ago, where some college programmers setup a fake bank website with similar URL and it actually interacted with real bank website, so if you login on fake website, it sends these details to real bank website and logs you in, so you won't even know it's fake until it's too late. They used a security warning, that didn't let you proceed until you read it, during that time they used your actual bank account to transfer some money (small amounts between 10 - 1000) and said it was some kind of security fee to make your account more secure. They stole over 3 million in a month before anyone even realized it's a scam.

So bottom line here, you do not get hacked if you reply to those comments or interact with those bots in any other way, you will get "hacked" only if you start following phisher instructions on how to get more views, subs or whatever the scammer promises you.

Honestly I'm glad those fools got owned. Serves them right ... I have been saying this for a long time that 99% of youtubers are dumb and have no idea how computers work.
I replied to some of those bot comments just for the lolz (obviously I knew it was bot) with like "not with a bot" or like "spam much?" and i'm not worried about being "hacked".

I made this post to inform all of my subs about this and also as "told you so".

HOW TO KNOW IT'S SCAM OR NOT? It's quite simple, always check the URL you're actually visiting and do not follow some fishy instructions (such as linking your account to some unknown site, such as those "sub 4 sub" nonsense).

- DO NOT click on any weird links in emails without checking where it actually goes to, if you're curious, copy the link (not the visible link, but the hyperlink underneath) and just use incognito tab in your browser or use a different browser (that has NO history, cache or cookies saved), because it's possible to steal your cookie (session data) if you click on phishing links, this will give scammer temporary access to your account, they don't get your pass, but they can do what you can, comment from your account, send emails, upload or delete videos ..etc

For extra security, use virtual machine to check out suspicious links if you're curious .. but obviously DO NOT enter any of your real data (don't log into any of your accounts, don't enter your credit card ..etc).

And finally, if you're not sure if it's phishing or not that you received, whatever website sends you some weird email or notification, don't follow those instructions, instead go to the official website (that you know is 100% legit, such as youtube.com) and look up their SUPPORT there, contact the support and paste them the email you got and ask if that's legit or not.

I get phishing emails every day, there's another very known youtube scam going on. They contact you from gmail account (usually) and ask to run paid pre-roll ads on your video about their product, they offer to pay 300 - 1500 dollars, it's realistic, but bit too much for a pre-roll if you ask me. I have replied to lot of them and they all follow up with similar thing, they point me to a very fishy website, that claims to be some software website, like VPN, PC security, Cloud gaming ..etc and they ask me to download their software and make a video on it .. at this point I knew 100% it was fake. I even replied back after that, and said that I can run pre-roll ads for a lot cheaper, but I have no time to check into their software. So I said that "you have to record the footage yourself and send it to me and I can do voice over and edits", but none of them agreed, they kept on pushing me to download their software. Also I tried few more tricks and said, ok well pay me 10 - 100 dollars up ahead to show you are serious and then I'll get right on it, you can see I have legit channel and done such deals before, so I'm not going to run away with that 10 - 100, but they still refused and said "we can pay you 100 if you download our software and make a quick video or screenshot that work has started".
First thing that screamed "SCAMMER" in those emails, was that they did not even use their company email, they used simple gmail.

..and that's how idiot youtubers get "hacked". They only see 300 - 1500 dollar offer and start drooling and think "WOW easy money!" ...and next moment they are crying that someone "hacked" them LOL.
I could not bother, but I really wanted to go ahead with one of them by using virtual machine and see what kind of scam they running .. oh yeah and i mentioned to couple of them, sure I'll get it up and running in virtual machine .. and after that point no more replies.

DON'T BE AN IDIOT, DON'T GET PHISHED!
User avatar
Sethioz
Admin
Admin
 
Posts: 4763
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Return to Off-topic / News

Who is online

Users browsing this forum: No registered users

cron