Scammers are Targeting Influencers and Content Creators: Learn How To Recognize Scams & Stay Safe

Remember those dodgy emails claiming you had inherited millions from an estranged relative? The good ol’ days when phishing scams were all about inheritances and lottery winnings were so obviously phishy. Since we’ve grown accustomed to the old format, cybercriminals have sought to improve their approach. The FBI’s Internet Crime Complaint Center (IC3) received more than 300,000 reports from victims of phishing last year. Globally, the statistics are even more sobering. 

Social media influencers and content creators are the latest targets for spear phishing attacks — highly targeted phishing attacks. That’s because, on the one hand, brands are increasingly turning toward social media influencers for their marketing needs, and, on the other, we tend to trust brands. Attackers impersonating brand representatives find easy prey in influencers eager to secure lucrative brand deals and various sponsorships. 

What is Phishing?

Phishing is a common type of cyberattack in which an attacker uses fraudulent emails, messages, or calls to trick you into divulging private or sensitive information. What does that look like in real life?

You receive what looks to be an urgent security alert from your bank, telling you they’ve noticed suspicious activity from your account. They ask you to log in to your account immediately to verify your information and secure your account. Everything looks fine, except perhaps the login link seems a little off. The scammer probably created a look-alike login page to steal your credentials. That’s phishing. 

Phishing doesn’t require much technical knowledge, so it’s quite popular amongst scammers. Once successful, the attacker can now use your data in fraudulent activities, like identity theft or financial fraud. 

For these kinds of messages, cybercriminals tend to leverage social engineering in one way or another. In our banking  example, the malicious party knows this kind of message is likely to create a sense of urgency in you and get you to act to solve the alleged issue without careful thought. 

Phishing vs. Spear Phishing

Phishing attacks often involve sending similar, generic emails or messages to hundreds of accounts in the hopes of deceiving as many victims as possible. Spear phishing, in contrast, targets a specific individual or a group and uses personalized information to make the message look legitimate. 

The attacker will first gather as much information about you as possible, for instance, your first name, organization, job title, social media preferences, etc. This reconnaissance phase puts them in a better position to convince you of their authenticity. Here’s how that plays out in reality: 

You rant about your horrible online shopping experience on social media, making sure to name and shame the store. Within hours, you receive an apology email from the management, and they’ve so generously attached a printable coupon. But instead of being a legit certificate, the download file contains tracking malware. You’d have no reason to suspect any wrongdoing because you were probably expecting some sort of response.

Why Scammers Target Content Creators

Phishing scammers have zeroed in on influencers, YouTubers, and social media content creators for several reasons:

1. Subscribers and Followers: Scammers can trick a single content creator to reach and gain the trust of their significant and loyal social media following. 
2. Easy Information: Content creators often share personal details about themselves publicly, making information gathering easier for hyper-targeted spear phishing attacks. 
3. Significant Financial Gains: Many content creators generate high income through social media platforms, which makes them a tempting target for scammers.
4. Human Error: Content creators are still human. Some may not be up-to-speed with the latest cybersecurity trends, which makes them more susceptible to phishing attacks. Those who are interested in working with certain brands are likely to believe in phishing emails without verification.

How Scammers Deceive Content Creators

If you are a content creator or influencer with a considerable following, chances are, you’ve already come across phishing messages trying to get you to click malicious links. Even if you’ve managed to dodge them so far, know that they’ll keep coming and be even harder to detect. 

For instance, scammers may send you a legit-looking phishing email allegedly coming from YouTube or Google support, asking you to verify or update your information. Once you enter your credentials via the shared link, they can take over your account to steal money or, worse, your identity. Remember, anyone can fall into this trap if the timing and circumstances are right. Yes, even popular scam baiters like Jim Browning fell for such tactics.

Jim Browning’s Temporary Channel Deletion

A couple of years ago, scammers bamboozled Jim Browning, who himself runs a famous scam-baiting channel, into deleting his YouTube account. The scammer pretended to be YouTube support staff and warned Browning that he had a duplicate Google Adsense account running under his name. The conflict could’ve potentially resulted in the permanent suspension of his YouTube account. 

The attack was so perfectly executed that even an expert like Browning fell for it. He followed the scammer’s steps, which led to account deletion. Luckily, Browning realized it was a scam before going even further and giving the hacker his account passwords through a Google form. The incident had a happy ending since YouTube reinstated Browning’s account a few days later. 

Linus Tech Tips’ Crypto Influencer Scam

Another famous tech channel, Linus Tech Tips, fell victim to an elaborate phishing scam in March 2023. An employee at Linus Tech Tips (LTT) was deceived by a cleverly worded phishing email and opened a malware-laden attachment. The email was disguised as the terms for a potential sponsorship deal. 

The malware stole all user data from the employee’s browsers, including session tokens, which gave scammers access to three Linus Media Group YouTube channels. This time though, the attackers were after the channel’s massive following for running a crypto scam. 

They ran a live stream featuring a deep fake of Tesla’s CEO Elon Musk talking about the massive potential of crypto, NFTs, and AI. The video urged LTT’s followers to send any amount of crypto to get twice as much back. Unfortunately, this is one of many such incidents. 

Many other content creators and influencers have fallen for similar phishing attacks. Famous Youtuber PewDiePie has also fallen for a phishing message. The hacker took over his Twitter account and sent off offensive tweets and messages to his followers. Mikaela Testa, an Instagram influencer, also fell victim to a phishing scam and lost control of her account.

Scammers Impersonating CyberGhost VPN

Since Virtual Private Network providers often work with influencers, they can also be used by scammers in their ploys. For example, we’ve come across scammers pretending to be CyberGhost VPN Affiliate Managers. These scammers reach out to content creators claiming to be interested in forming a partnership and urging them to download a presentation or file containing a virus or malware – which is usually jam-packed between logos, animations, and other brand assets. Keep in mind, any insistence on downloading certain files, especially zipped or compressed folders, is a huge red flag. 

The scammers’ goal is to gain access to YouTube and other social media accounts that have a significant following and try to defraud it.

How to Recognize (Spear) Phishing: Tips for Content Creators 

Content creators must stay vigilant and up-to-date on cybersecurity best practices. They can recognize scam attempts by looking out for these common indicators of phishing:

• • • • • Sender’s email address: Phishing emails often use suspicious email addresses or domains. They may have typos or some unusual spellings or characters. For instance, the CyberGhost VPN scammer used the address, “promomanager@volny.cz” — why would a CyberGhost VPN employee use anything other than a company email address?
          

          

        • Social Engineering: Scammers often create a fake sense of urgency that attempts to trick you into a fight-or-flight state where you don’t take time to think things through and you’re more likely to make rash decisions.
        • Attachments: In order to bypass automated antivirus or malware scans in emails, scammers will link to malicious files and then insist you download them. Be extremely wary of any unsolicited emails urging you to download files.
        • Suspicious Links: Phishing links often include misspellings, unusual characters, or slight variations from legitimate URLs. Also, watch out for shortened links, such as bit.ly or goo.gl. If you can’t fully verify the source of a shortened URL, it’s best you don’t click on it at all.
        • Unusual Requests: Legitimate companies typically provide online portals or other means of communication for sensitive transactions. Emails asking for personal/sensitive information directly should raise a big red flag.

How to Protect Yourself from Phishing

Phishing isn’t solely a content creators’ issue — anyone can be a victim. Apart from paying attention to the above indicators of phishing, here’s what you can do to stay safe from all kinds of phishing attacks:

• • ️🔐 Be cautious of unsolicited or unexpected emails, social media messages, or calls. Never follow their directions without additional verification through a different platform.
  • ️🔐 Hover over any links before clicking to verify the legitimacy of the URL. Make sure that the link leads to the same URL the email mentions.
  • ️🔐 Manually enter the login page or website address into a separate browser instead of clicking on links in email messages.
  • ️🔐 Check for the website’s security and exact domain before entering any sensitive information. Look for a padlock icon in the browser’s address bar, and the URL must start with “https://.’’ Also search for the brand on Google or another search engine to double check that you’re on the right URL & domain.
  • ️🔐 Keep your operating system, browser, and security system up to date with the latest security patches.
  • ️🔐 Use strong passwords for all your accounts and change them periodically.
  • ️🔐 Use two-factor authentication (2FA) to protect your accounts and prevent scammers from accessing them with just a password.
  • ️🔐 Install anti-phishing software or browser plugins. For instance, Google’s Password Alert alerts you if you enter your Google password on a non-Google site.
  • ️🔐 Enable built-in email filters to block phishing emails.
  • ️🔐 Stay vigilant and educate yourself about the latest phishing and spear phishing attack techniques to better recognize phishing messages.

Does a VPN Protect You from Phishing?

A VPN adds an extra layer of security to your internet connection. It redirects your traffic through a secure and encrypted tunnel, making it harder for scammers to intercept and steal your data. Just make sure you use a reputable VPN with robust encryption protocols. 

CyberGhost VPN uses military-grade 256-bit AES encryption, which is virtually impossible to break. We mask your IP address to protect you from location-based targeting or other tracking techniques. 

That said, a VPN can’t prevent you from clicking on a malicious link, downloading an infected file, or from entering personal information on a fake website. It’s equally important to stay cautious of any signs of phishing emails and messages and follow the security best practices discussed above. 

Recognize Spear Phishing: Secure your Data and Identity

Cybercriminals and scammers are constantly on the lookout for ways to steal your data and identity. Content creator or not, your personal information is valuable and needs protection. Stay informed and take the necessary precautions to reduce your risk of falling for (spear) phishing and other online scams. 

Cybercriminals’ tactics evolve, but so do security measures. Don’t wait until it’s too late, follow best practices for online safety, and use trusted security tools to keep your online presence safe. Get CyberGhost VPN and keep your browsing habits private on any network.

Get CyberGhost VPN Now

FAQ