News Group-IB has discovered a fraudulent scheme that uses Twitch


Soldier

Group-IB researchers have warned of a fraudulent scheme that abuses the popular streaming platform Twitch. Hackers copy the streams of famous gamers and add banners promising easy earnings; users who follow them end up on fraudulent resources, where they lose money and bank card data. The company has already notified Twitch engineers about the threat.

Analysts note that the scammers' interest is not surprising, because the popularity of streaming platforms has increased significantly during the pandemic. In the third quarter of 2020, Twitch took 91% of the worldwide streaming market by number of hours streamed: during this period, users watched 4.7 billion hours of video on Twitch (data from Streamlabs and Stream Hatchet). In total, a record 206 million hours of video content were uploaded to the platform, and the average number of simultaneous users of the platform is 1.5 million people. The streamers themselves earn an average of 2,000-10,000 dollars a month.

The essence of the new fraudulent scheme is simple. Hackers find the channels of popular streamers and create clone accounts with similar names and design. On these accounts, the scammers start playing recordings of streams from the original channels (for example, from a week ago), "pasting" into the broadcast a banner that promises easy earnings, most often through a prize draw. The criminals also publish a special command in the stream chat (!inst in this example), and users who click on the banner are sent to a fraudulent resource, for example https://winstainq[.]dub/draw.

From there, the scam follows the classic pattern: the victim is offered a payment of up to $5,000 in exchange for a small "commission" for registration and transfer. As a result, the user enters their bank card details on the fraudulent resource (number, name of the owner, expiration date, CVV code), a small amount is debited from the victim's account, and all the card details remain with the attackers.

To make sure that potential victims land on the clone channel, the attackers push it to the top of the stream search results using boosting ("cheating") services. To make it more convincing, the scammers posted fake reviews from the "lucky ones", in which they wrote how much money they had managed to get, discussed the process of crediting winnings, and advised which banks to use for more convenient withdrawals. In addition, the comments on this stream were used to discuss current topics.

"Popular services very often become targets for scammers. In the case of streaming platforms, a run-in fraudulent scheme is used with the prospect of easy winnings or earnings, which is good for the target audience of services. A fake stream passes very quickly, and if the support service needs several hours to respond, it is difficult to prevent scammers. Services should improve the means of automatic detection of fraudulent actions, increase the speed of detecting such schemes and responding to them, providing users with a simple mechanism for filing complaints, and eSports fans should critically evaluate offers of easy earnings," says Alexander Kalinin, head of CERT-GIB.
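
As a platform-side illustration of the automatic detection mentioned above (an added example, not code from Group-IB, Twitch or the original post), the sketch below flags newly created channel names that imitate known popular channels, which is the first step of the scheme. The channel names, the look-alike character map and the distance threshold are assumptions constructed for the example.

```python
import re

# Constructed sample data: these channel names are invented for the example.
KNOWN_CHANNELS = ["progamer_live", "nightowl", "streamqueen"]

# Small hand-picked map of look-alike characters (assumption, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "i": "l", "q": "g"})


def skeleton(name: str) -> str:
    """Fold a name to a comparison form: lowercase, no separators, look-alikes unified."""
    s = re.sub(r"[_\-.\s]", "", name.lower())
    s = s.replace("rn", "m").replace("vv", "w")  # two-character look-alikes
    return s.translate(CONFUSABLES)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_impersonated(candidate: str, known=KNOWN_CHANNELS, max_dist: int = 1):
    """Return the known channel that a new name imitates, or None.

    An exact match is the original channel itself and is not flagged.
    """
    if candidate.lower() in {k.lower() for k in known}:
        return None
    cand = skeleton(candidate)
    for original in known:
        orig = skeleton(original)
        if cand == orig or edit_distance(cand, orig) <= max_dist:
            return original
    return None


if __name__ == "__main__":
    for name in ["pr0gamer_1ive", "nightowll", "strearnqueen", "nightowl", "chessmaster99"]:
        print(f"{name:15} -> {find_impersonated(name)}")
```

A hit is only a signal for review: combining it with account age and with a stream that replays another channel's older broadcast would cut false positives on short names.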