As many await the test flight of Starship this weekend, cyber criminals did a little preparation ahead of time to seize the opportunity of Starship's spotlight.
While I was watching a legitimate live stream covering updates on the event, YouTube recommended a live stream which looked... suspicious, to say the least. Having seen and documented similar styles of scams before that pop up right before a SpaceX launch, I clicked on the live stream and... it was what I expected.
A live stream with typical characteristics of a scam:-
- Using hype around an event to draw in attention
- Plays a deepfake video of "Elon Musk"
- Uses compromised YouTube accounts to cover their tracks
- And obviously... wouldn't be a modern-day scam without involving cryptocurrency and the word "free"
The site
Now I have to say, although the website looks almost exactly the same as the one I covered in my last article, it's pretty well designed... and it's responsive.
So, the "rules" state that anyone sending any amount of Bitcoin from 0.1 BTC to 15 BTC will "immediately" receive double the amount back.
I left out the crypto wallet addresses so you can report them on scam databases as I did.
Diving deeper
Taking a look at the source code, they left a comment:-
<!-- Powered by Crypto**** | crypto****.cc -->
Visiting the website redirected me to their Telegram bot, which revealed the name of the group.
From there, I did some further research and found the group's main chat.
In the first message, they mentioned how many of their previous channels on Telegram have been taken down, and it looks like they did not come back in full force, as the group only has 16 members since its creation on June 17th, 2023.
After scrolling through, it seems that this is a classic "phishing kit" seller that specializes in crypto scams.
And below you can see the same exact template that was used in the live stream.
Using crt.sh, I looked up the website and as you can see, the certificate was issued very recently, just in time for the launch.
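The crt.sh check above can be scripted. The following is an added example, not code from the original article: it reads a constructed sample shaped like crt.sh's JSON output and flags a domain whose first certificate was logged within a week before an event. The domain `giveaway.example`, the dates and the function names are assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample in the shape of crt.sh's JSON output
# (https://crt.sh/?q=<domain>&output=json). Domain, serials and dates are made up.
SAMPLE = json.loads(r"""
[{"id": 1001, "serial_number": "03aa", "name_value": "giveaway.example",
  "not_before": "2024-03-10T09:12:31", "not_after": "2024-06-08T09:12:30"},
 {"id": 1002, "serial_number": "03aa", "name_value": "giveaway.example",
  "not_before": "2024-03-10T09:12:31", "not_after": "2024-06-08T09:12:30"},
 {"id": 1003, "serial_number": "04bb",
  "name_value": "giveaway.example\nwww.giveaway.example",
  "not_before": "2024-03-12T18:40:02", "not_after": "2024-06-10T18:40:01"}]
""")

def summarize(entries):
    """Collapse crt.sh rows into distinct certificates and covered hostnames."""
    certs, names = {}, set()
    for row in entries:
        # crt.sh typically lists a precertificate and the final certificate as
        # separate rows sharing one serial number, so count each serial once.
        issued = datetime.fromisoformat(row["not_before"])
        certs.setdefault(row["serial_number"], issued)
        names.update(row["name_value"].split("\n"))
    return certs, sorted(names)

def check_recent_issuance(entries, event_date, window_days=7):
    """Flag a domain whose first certificate appeared shortly before event_date."""
    certs, names = summarize(entries)
    if not certs:  # no CT entries: nothing to date, so say so instead of guessing
        return {"first_seen": None, "certificates": 0, "names": [],
                "age_days": None, "recent": False}
    first_seen = min(certs.values())
    age = event_date - first_seen
    return {"first_seen": first_seen, "certificates": len(certs), "names": names,
            "age_days": age.days,
            "recent": timedelta(0) <= age <= timedelta(days=window_days)}

if __name__ == "__main__":
    event = datetime(2024, 3, 16)  # constructed event date
    print(check_recent_issuance(SAMPLE, event))
```

The earliest entry is the one that matters, because short-lived certificates are renewed often and a long-established site will also show recent rows. A first-seen date just before an event is a signal to weigh with the other indicators, not proof on its own.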
Thankfully, after checking the wallet addresses on blockchain.com, all of them were empty except for the Bitcoin wallet.
However, the wallet's balance pales in comparison to others I've seen in different scams.
What you can do
As I said at the beginning of this article, these live streams are launched from compromised YouTube accounts.
To protect yourself and others, you need to make sure your accounts are secure, and that you and others you know are informed about the types and stereotypical characteristics of crypto scams.
Protecting yourself and your channel
The root of the problem is initial access to accounts, so to lock down your channel:-
- Use strong, randomly generated passwords
- Enable 2FA/MFA
- Configure appropriate access controls to your channel
- Secure yourself from other attack vectors, such as malware, macro-embedded documents and any phishing attempts
If you come across a suspicious website or video, look out for typical indicators of a scam:-
- Financial promises that are too good to be true
- Grammatical errors
- Use of familiarity, authority, or urgency to gain your trust
What to do if you stumble across these videos
- Report the live stream to YouTube
- Report the crypto wallet addresses on the Bitcoin Abuse Database
Disclaimer
Although these scam sites are not inherently dangerous to visit, I do not recommend visiting them or scanning any QR code as this can change in the future. Your safest option is to simply report it to YouTube.