Contributor: Lamine Aouad
SMS spammers are attempting to avoid URL filters by hiding links in YouTube videos. Symantec discovered this trend in a recent SMS spam campaign, which disguised the sender as a woman looking to date the message’s recipient. The message directed the user to a YouTube video, which asked them to “get verified” by visiting a link included in the video. However, this link instead led the user to an adult website. If the user signed up to the site, then their credit card would be charged with membership fees.
Challenges for SMS spammers
Most spammers make their money through scams, phishing campaigns, or affiliate programs. In affiliate programs, the affiliate can earn revenue by directing users to join another business’ website. Spammers do this by sharing links through different channels, such as SMS messages and emails, and tricking people into registering on the website.
Over the last few years, we have seen SMS spammers looking for new ways to bypass URL filters. However, the SMS message-size limitation doesn’t give much room for spammers to create complex or creative obfuscations. Along with this, if the phone doesn’t recognize the URL in the message, it does not make the link directly clickable, potentially reducing the number of visitors to the site.
For this reason, SMS spammers have relied on shortened links, free hosting services, and newly registered domains in order to hide and deliver their attacks. But SMS spam filter technology has evolved accordingly and can successfully block these threats.
Hiding spam links in YouTube videos
Over the last week, we have discovered SMS spammers’ new trick to hide adult spam links in text messages and make them look like legitimate SMS traffic.
Instead of including a typical affiliate link in the messages, the attackers added the link to a YouTube video along with the following message:
“Hey there [CLASSIFIEDS WEBSITE] Im assuming ? Im Alexis.. heres a video [YOUTUBE VIDEO LINK] to show I'm the same girl in the pic on there”
If the user visits the link, they will be directed to a YouTube video of a woman asking the viewer to “get verified” before she agrees to meet them.
Figure. SMS spammers’ YouTube video asks the user to “get verified” by visiting a link. YouTube has already taken down the spammers' account.
If the user visits the link included in the video to “get verified,” they will instead be directed to an adult website’s registration page. The site asks for the user’s credit card number and charges their card if they go through with the registration process.
Our research leads us to believe that the spammers targeted users of a classifieds website by creating fake dating ads. Through these ads, the spammers continuously mined phone numbers and email addresses for their future campaigns. Other adult-themed scammers have used this strategy before to obtain targets.
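The filtering gap this campaign relies on can be shown with a short sketch: a check that judges a message only by the reputation of its link host lets a YouTube link through, while a check that also scores the surrounding text and sender does not. This is an added example, not Symantec's filter logic; the host lists, lure terms, thresholds and sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed, illustrative lists; a real filter would use maintained reputation feeds.
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl"}
VIDEO_HOSTS = {"youtube.com", "youtu.be"}
# Constructed lure terms, modelled on the message quoted in the article.
LURE_TERMS = ("video", "pic", "same girl", "verified")
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s]*)?", re.I)


def hosts_in(text):
    """Return the normalised hostname of every link-like token in an SMS body."""
    hosts = []
    for match in URL_RE.findall(text):
        url = match if "://" in match else "http://" + match
        host = (urlsplit(url).hostname or "").lower()
        for prefix in ("www.", "m."):
            if host.startswith(prefix):
                host = host[len(prefix):]
        hosts.append(host)
    return hosts


def domain_only_verdict(text):
    """Judge a message purely by the reputation of the hosts it links to."""
    return "block" if any(h in SHORTENERS for h in hosts_in(text)) else "allow"


def context_verdict(text, sender_known):
    """Treat a video-host link as neutral and score the rest of the message."""
    if domain_only_verdict(text) == "block":
        return "block"
    has_video = any(h in VIDEO_HOSTS for h in hosts_in(text))
    lures = sum(term in text.lower() for term in LURE_TERMS)
    if has_video and not sender_known and lures >= 2:
        return "review"
    return "allow"


# Constructed sample messages; the video IDs are placeholders, not real links.
SPAM = "Hey there Im Alexis.. heres a video youtu.be/XXXXXXXXXXX to show I'm the same girl in the pic"
FRIEND = "lol watch this https://www.youtube.com/watch?v=XXXXXXXXXXX"

if __name__ == "__main__":
    for msg, known in ((SPAM, False), (FRIEND, True)):
        print(domain_only_verdict(msg), context_verdict(msg, known), "|", msg[:40])
```

The "review" verdict is deliberately not a block: the video host itself is legitimate, so the message is routed for further checks rather than dropped.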
Don’t be fooled by SMS spam
While this technique has been used before in emails, it is novel in the SMS field. With the rise in popularity of mobile dating apps, we believe that more spammers may target mobile platforms with these types of campaigns.
Users should adhere to the following best practices if they want to avoid falling for dating scams:
- Exercise caution when receiving unsolicited, unexpected, or suspicious emails and SMS messages.
- Avoid visiting links in unsolicited, unexpected, or suspicious emails. Users should particularly be wary of messages that obfuscate the link in some way, as the sender may be trying to circumvent URL filters.
- Report scam videos on YouTube to get them removed from the site.