MrBeast Scams: Verified Accounts, DeepFakes Used in Impersonations to Promote Fake Giveaways on YouTube and TikTok
2023-10-5 03:25:0 Author: www.tenable.com(查看原文) 阅读量:11 收藏

MrBeast, the most popular YouTube creator as of October 2023, has been impersonated in a variety of scams on YouTube and TikTok, including a recent deepfake promoting a fake free iPhone 15 giveaway

Background

James Stephen “Jimmy” Donaldson, also known as MrBeast, has been impersonated across various social media platforms including YouTube and TikTok to promote a variety of scams. MrBeast, a content creator with over 188 million subscribers on YouTube as of October 2023, is known for his lavish stunts and philanthropy. He often gives away cars, large sums of money, electronics and other gifts to subscribers and participants in his YouTube videos. He also runs a charity, Beast Philanthropy. His philanthropic and charitable nature makes him an ideal person for scammers to impersonate across social media.

Over the last year, I’ve tracked a few trends involving impersonations of MrBeast.

Fake MrBeast YouTube Ads

On YouTube, scammers have used MrBeast’s photos as part of YouTube ads. Unlike the Elon Musk cryptocurrency giveaway scam ads I’ve written about before, the scammers in this instance use in-feed video ads, which appear via YouTube search results and the YouTube app Home feed.

These videos instruct users to visit a website, cashtab[.]info. Pinned video comments purportedly posted by MrBeast also provide a direct link to the website and mention an “Official Sponsor” of the giveaway. The YouTube page, SFK Offers, is verified and commented on the video just beneath the pinned comment, stating that terms and conditions apply.

The comment provides a link to the website

The website uses a cartoon likeness of MrBeast and says that over $450,000 has already been given away and that a $500 reward has been reserved for the current page visitor. In order to receive the alleged $500, users are instructed to click on the “CLAIM REWARD” button and complete a survey.

Interestingly enough, although the scammers use MrBeast’s likeness in their YouTube advertisements, creating a fake channel associated with MrBeast and having a cartoon likeness of MrBeast on the website, they add a fine print to the website that says that this offer is “Not Affiliated with MrBeast or any public figure.” This statement is part of an effort by the scammers to protect themselves against legal action from MrBeast or other public figures that they may feature in advertisements and websites affiliated with their scams.

Fake MrBeast TikTok LIVE

On TikTok, where MrBeast has over 87 million followers as of October 2023, scammers started impersonating him with fake accounts, going on TikTok LIVE using stolen livestream footage of MrBeast playing the video game “Among Us.”

I’ve previously written about how scammers used stolen footage as part of TikTok Live scams to impersonate a variety of noteworthy individuals, from celebrities to content creators. Just as in past scams, the scammers impersonate MrBeast hoping to collect gifts from unsuspecting viewers. These gifts can be converted into fiat currency, so it provides scammers with another avenue for making money.

Fake verified MrBeast TikTok accounts

Outside of the fake accounts going live on TikTok, another type of MrBeast impersonation scam happening on TikTok involves verified accounts that do not go live, but Instead comment on trending videos in order to drive traffic back to their accounts.

The scammers comment on a variety of trending videos on TikTok. These comments can be topical or benign.

The intention behind commenting, especially with a verified account, is to gather the attention of TikTok users to visit their profile.

The scammers likely obtain verified TikTok accounts by stealing them through phishing attacks or purchasing them from someone on the dark web. This is why some of the profiles contain no videos, as they are in the early stages of pivoting to the MrBeast impersonation.

Other MrBeast impersonation accounts are more fleshed out, featuring a collage grid of videos that mention a “World Record Cash Giveaway” which is something that MrBeast might do. These profiles say they’re giving away a specific amount of money and ask users to click on a link in their bio.

Deepfake MrBeast TikTok ads

The culmination of these impersonations now includes a fake TikTok advertisement using a deepfake of MrBeast.

TikTok ad scams aren’t new. I’ve previously documented their prominence on TikTok in 2020, when they were used to promote dubious apps, products and services. However, they provide a definitive benefit for scammers: placement on the For You page, the most sought after real estate on TikTok.

The deepfake video used in this advertisement includes an overlay of a verified badge claiming to be MrBeast. The footage used to create this deepfake video was taken from a documentary on MrBeast from Curiosity Stream.

It is unclear which tool was used to create this deepfake, but with the improvements to generative AI over the last year, it isn’t surprising to see deepfakes like this one appearing on social media. And while it’s not perfect, it is put together well enough to trick some users into falling for this scam.

The goal behind this deepfake advertisement is to drive users to a website promoting a fake iPhone 15 giveaway. With the launch of Apple’s flagship product, scammers are trying to take advantage of the interest surrounding the new product launch. This is a tried and true method of scams that has been around for over a decade now.

Survey scams persist

The majority of these impersonations of MrBeast are designed to drive users to websites that ask them to fill out a survey. The scammers claim the survey is easy to complete, instructing users to complete anywhere from one to three deals.

These intermediary sites are designed to drive traffic to the surveys, which provide more context. For example, while the intermediary sites claim that users only need to complete one to three deals, the sites where these offers need to be completed actually state that users need to complete anywhere from 15 to 20 deals.

These so-called deals can vary from downloading free or premium apps, completing certain tasks related to those apps, or signing up for trials to services. If users do not read the fine print, they are likely to see recurring charges on their credit or debit cards.

In addition to completing these offers, users are asked to share personally identifiable information, including their names, addresses, phone numbers, and more. This information is sold to third parties for marketing purposes.

Free iPhones aren’t free

Even in the case of the supposed free iPhone 15 giveaway, the website users are directed to asks for credit card information in order to “pay for delivery.” If MrBeast can afford to purchase and giveaway 10,000 iPhones, surely he could afford to pay for the delivery costs.

Users that are directed to these websites may not realize what they are signing up for when providing their credit card information.

Under the Terms and Conditions section of the website, submitting payment card information to the website will result in the immediate charge of $6.95, which may seem like shipping charges. However, as the fine print states, this is a monthly auto-enroll program and this initial charge is called a “Draw enrollment.” While it does state that users will be shipped a “Grand Major Winnerz Draw' (sic), they do not specify what that is nor do they imply that it is an iPhone. Additionally, users are told that this enrollment is part of a trial and that after 7 days, users will be “charged the full retail price” which is $139.67. This is a recurring charge, which means users will be charged $139.67 every month until they cancel.

Spotting survey and fake giveaways on social media

It’s been well over a decade since I’ve tracked survey and fake giveaway scams on social media platforms. However, one thing has always remained true: as new social media apps and services rise in popularity, scammers will flock to these new platforms and use many of the same tactics and techniques that have worked for over a decade. Here are a few tips users can use to help spot some of these scams.

  1. Generative AI tools will make deepfake videos more convincing, so be skeptical. If you see a video of one of your favorite celebrities or content creators promoting some type of giveaway on social media, chances are it is a scam. With deepfakes getting more convincing, it is even more important to be skeptical about such giveaways on social media. Make sure you’re viewing the real, verified profile of the celebrity or content creator.
  2. Impersonations will always rise up to the surface, so dig deeper: No matter if it is a fake account or verified fake account, scammers will always create impersonation accounts using a variety of techniques. Even if you see a verified badge, always double and triple check to make sure you are interacting with the real celebrity or content creator and not an impersonator. While most of these scams I encountered were on YouTube and TikTok, platforms like X (formerly known as Twitter) allow users to purchase verified badges for a fee, so the verified badge on some platforms may not be a viable indicator of trust.
  3. Completing deals means you have to pay money upfront: If you are asked to complete a certain number of deals before you receive cash, gift cards or electronic devices, you’re being asked to pay money out of your own pocket for something that is supposed to be free.
  4. Always read the fine print. There are links at the bottom of most of these websites offering deals. Check the fine print and read the terms and conditions, privacy policy and other links to find out how your information may be used or sold to third parties and whether or not you will be charged a recurring fee for services.

Learn more

Join Tenable's Security Response Team on the Tenable Community.

Satnam Narang

Satnam Narang

Satnam joined Tenable in 2018. He has over 15 years experience in the industry (M86 Security and Symantec). He contributed to the Anti-Phishing Working Group, helped develop a Social Networking Guide for the National Cyber Security Alliance, uncovered a huge spam botnet on Twitter and was the first to report on spam bots on Tinder. He's appeared on NBC Nightly News, Entertainment Tonight, Bloomberg West, and the Why Oh Why podcast.

Interests outside of work: Satnam writes poetry and makes hip-hop music. He enjoys live music, spending time with his three nieces, football and basketball, Bollywood movies and music and Grogu (Baby Yoda).


文章来源: https://www.tenable.com/blog/mrbeast-scams-verified-accounts-deepfakes-used-in-impersonations-to-promote-fake-giveaways-on
如有侵权请联系:admin#unsafe.sh