Stream-jacking: what it is, how it works and how to avoid it
Online scams, unfortunately, are becoming more and more popular.
One of the latest to make headlines for the problems it is creating is called "stream-jacking" and is particularly frequent on YouTube.
The hackers who implement it exploit very sophisticated social engineering and phishing techniques with the aim of stealing money or data from their victims.
Defending yourself from this scam is not impossible, however to be sure of succeeding it is essential to know it.
Stream-jacking: what it is and how it works Stream-jacking is a very subtle and dangerous form of online scam.
There are many ways to put it into practice, but the most experienced hackers mainly use two methodologies.
In the first case, it all started with the theft of a very popular YouTube channel.
To achieve this, criminals can use various strategies.
They generally pretend to be customers interested in collaborating with a content creator.
Once they have come into contact with the unfortunate person, they send him an email with malicious content, in the form of a link or .pdf file, in the hope that he will open it.
If this happens, hackers are immediately able to steal their channel from the user and can use it for their illicit activities.
Alternatively, if this first attempt fails, hackers often try to replicate an existing YouTube channel.
Doing so is not difficult for them.
They copy the setting (main page cover, profile photo, layout), buy fake subscribers (a practice that is as simple as it is illicit) and upload videos previously downloaded from the channel they intend to copy.
At this point, recognizing which channel is true and which channel is false can be quite complex, as there will be many similarities.
A careful eye can still do it, we'll see how later.
At this point, when the hackers are in possession of a channel, whether original or replicated, the scam begins.
It often happens that hackers, posing as famous content creators, ask users who watch one of their videos to press on a link or scan a QR code to donate cryptocurrencies, with the promise that these will then be returned with interest, except disappear into thin air.
To put it into practice, hackers start a live streaming from the profile, during which a video runs in loop with the QR or malicious link superimposed.
Furthermore, to ensure that no user gets involved in the scam, the comments section is often blocked, or only a small circle of moderators can access it.
Depending on the case, hackers can also place a malicious link in the comments section, if this has not been previously blocked.
Those who fall victim to this scam are often the most avid fans of YouTubers who, trusting their favorites and not realizing the scam, mistakenly end up trusting them.
read also Is the Temu app dangerous? The reasons for the alarm How to defend yourself from stream-jacking Defending yourself from stream-jacking is not difficult, however it is necessary to know well what the mechanisms that regulate it are to avoid it.
In general, a good way to stay away from this type of scam (spear-phishing, QRishing, etc.) is to remember one of the fundamental rules of internet browsing: it is better to avoid opening links whose content you do not know .
Furthermore, in the specific case of this scam, it is possible to state that – fortunately – recognizing a real YouTube channel from an ad hoc one can be quite simple: generally the latter have a decidedly unbalanced ratio between subscribers and video views, while instead, if the channels in question are "legitimate", the same relationship is much more balanced.
Also pay attention to comments: a content creator is unlikely to choose to block them during a live streaming, since these represent the main means of communication between users and their favorites.
If comments are blocked, something is probably wrong.
Finally, it is important to remember to always doubt anyone who asks – especially hastily – for money or data, because it could be a scam by someone who wants to push users into making an unconsidered decision.