Scammers target YouTube's smart TV activation sites with help from Google - MrLiambi's blog

Breaking

My tweets

Advertisement

Thursday 12 August 2021

Scammers target YouTube's smart TV activation sites with help from Google

Scammers are targeting smart TV owners with a scam that could cost users thousands.

A new scam is targeting Smart TV owners by weaponizing YouTube and getting help from an unlikely source: Google Search.

So, you just bought a new Smart TV â€" maybe one with Amazon's Fire TV or Roku built-in â€" and you're looking forward to watching your favorite YouTube channels on your new big screen.

You download the YouTube app and before you can dive into the latest uploads from your favorite channels, a pop-up appears on the screen with an activation code. The pop-up tells you to input the code over at the URL: "youtube.com/activiate" in order to sync up your devices. YouTube asks you to do this so it can connect your existing account, including history and subscribed channels, to its TV app.

If you input that domain directly into your computer or phone's web browser, you'll be directed to the official YouTube link to simply activate your account. You'll be up and running with YouTube on your new television in seconds.

However, if you're someone who instinctively inputs everything into a Google Search, even a URL...well, let's just say scammers are very grateful that you're that type of person.

Mashable has uncovered a scam that weaponizes the YouTube activation screen on Smart TVs. And the scam would be impossible for the fraudsters to carry out without a huge assist from Google, YouTube's parent company.

How the scammers target YouTube viewers

The scam is fairly straightforward. A user looking to activate the YouTube app on their TV, Google searches the URL that pops up on their TV screen, and accidentally lands on a fake activation website meant to look like an official YouTube page. It's actually fairly obvious that it's not, based simply on its design, but scammers usually do that purposefully in order to target the least tech-savvy.

A screenshot of the fake YouTube website hosted on Google Sites.
A screenshot of the fake YouTube website hosted on Google Sites. Credit: Mashable screenshot

Once they click through on the fake YouTube page, they're asked to input the code to activate the YouTube app. A user will input the real activation code that they received from YouTube app on their TV screen into the fake YouTube website. The website will display an error message regardless of what a user inputs, however. The purpose is to bring them to the next screen, which tells the user that there was an error and that they need to contact YouTube support at the phone number provided.

A screenshot of the fake website's activation code screen.
A screenshot of the fake website's activation code screen. Credit: mashable screenshot

When a user calls that number, they are directed to what seems to be an overseas call-center. The scammer will then work to convince the user that they are an official YouTube employee who will help troubleshoot through the process.

The "troubleshooting" involves convincing the user that YouTube needs to charge a refundable fee to their credit card or bank account to "activate" the service. This type of fee, usually around $1 or less, is sometimes initiated through services such as PayPal or Venmo when a new user links their new account to an outside service, like a checking account with a bank. However, outside financial service providers, a user will rarely if ever come across a similar process, especially not when it comes to free social media services such as YouTube.

The scammer is banking on users not knowing this process.

Mashable has confirmed that users have lost hundreds and even thousands of dollars through this scam, through individuals who choose to remain anonymous. I personally became aware of this scam through a relative who was targeted.

The scammers on the phone use social engineering tricks to remain on the line with users for sometimes hours, convincing them they are official YouTube representatives who will get the app working on their TV for free. Users will send multiple sums of money through irreversible services like Zelle or through Uber's online gift card store with the belief that they are dealing with a real YouTube employee and the charges will be reversed upon activation.

Google's role in the scam

This scam would not work without a major assist, shockingly, from YouTube's parent company, Google.

If a user was to type in "youtube.com/activation" in Google Search, the first result is an official page from the company to legitimately set up the YouTube app on their Smart TV.

However, this page is titled "Connect a Device - Google." Not the most straightforward name for a page, especially among those who are older, less tech-savvy, or just may not know Google's connection to YouTube. Remember: the user searching for this URL is looking to set up the YouTube app.

The Google search results page for "youtube.com/activate" with the official YouTube page and two of the scam sites labeled.
The Google search results page for "youtube.com/activate" with the official YouTube page and two of the scam sites labeled. Credit: mashable COMPOSITE: SCREENSHOT: GOOGLE

The second result on the page, however, looks much more relevant to what the user is looking for. That page is titled "Youtube.com/Activate - Enter Youtube Activation Code." As you can see in the screenshot above, it just sticks out on the page more prominently.

Clicking that link brings you to the following URL: "https://sites.google.com/view/activateyou/."

This all looks legitimate, right? The title of the page being the YouTube activate URL. It even says "enter YouTube activation code." The page directs you to a "google.com" URL as well.

This is the scammers' site.

It appears the scammers discovered that a lot of users are Google searching for the YouTube URL instead of directly typing the address. Since the search results page on Google is astonishingly sparse, the scammers can simply set up a fake website at Google's very own free website services "sites.google.com." Here, any user can put together a webpage on Google's own domain. The scammer then simply titled the page "YouTube.com/Activate" in order to help it rank on Google and also so it sticks out quite prominently when a user searches for it.

In fact, looking below that scammer website on the Google Search results page, one can find it nearly completely populated with fake websites trying to trick users into thinking it's the official YouTube activation site.

Because the "youtube.com/activate" URL actually redirects to a Google.com website, the URL for YouTube's official Smart TV activation page does not show in a Google search for "youtube.com/activate" at all. As you can see in the screenshot above, it instead appears as "Connect a Device" page located on a Google URL.

How successful is this scam

It's unclear exactly how much money this YouTube scam is pulling in for the fraudsters. However, there's a number of things we can look at to assume it has been quite lucrative for running this scheme.

For one, there are quite a few scam websites ranking highly on that search results page.

A Google search showing the autocomplete predictions for "YouTube.com."
A Google search showing the autocomplete predictions for "YouTube.com." Credit: mashable screenshot

Another big tell is the autocomplete results. When typing in "youtube.com" into Google Search, Google's autocomplete returns three separate search predictions involving the "youtube.com/activate" page at the very top.

How does Google decide its autocomplete results?

"We look at the real searches that happen on Google and show common and trending ones relevant to the characters that are entered," Google says on its website.

So, autocomplete predictions are partially determined by popular searches, meaning a significant number of people are searching for the "youtube.com/activate" website.

Another way to determine the success of this scam is by looking at a YouTube channel that also ranks high on the search results page for "youtube.com/activate."

The channel, simply titled "youtube.com/activate," is utilizing the same strategy the scammers have: find easy to rank keywords that lots of people search for and rank for it.

Mashable Image

This "youtube.com/activate" channel has 3.99 million subscribers. It has zero video uploads and zero video views. Regardless of the channel sitting idle, according to the third-party social media statistics platform, SocialBlade, it has somehow garnered anywhere from 10,000 to 250,000 new subscribers each month over the past three years.

So what's going on here?

It appears users are landing on this YouTube channel, just like they do with the scammer websites, and they're clicking "subscribe," perhaps believing this is the same thing as the activation they're searching for.

Thankfully, it doesn't seem like the YouTube channel has been used for any nefarious purpose. Yet, at least.

TV activation scams are not entirely new. There have been numerous stories about TV activation scams over the past year, but those scams have mostly targeted Roku users.

However, what makes this particular scam involving YouTube so incredible is the huge assist from Google search in legitimizing the fraud.

Mashable has reached out to Google for comment and will update this piece when we hear back.

Smart TV owners looking to activate their YouTube app, legitimately and without getting scammed, should go to "youtube.com/activate" directly in their web browser.

YouTube's official TV activation page will look like this:

A screenshot of the official, legitimate website to activate the YouTube app on your Smart TV.
A screenshot of the official, legitimate website to activate the YouTube app on your Smart TV. Credit: Mashable screenshot



Source : http://feeds.mashable.com/~r/Mashable/~3/SbZmj1zp_ow/youtube-com-activate-smart-tv-google-scam

No comments:

Post a Comment