Musicians, Film, Television and YouTube Stars Impersonated on Twitter to Promote Gift Card Spam
Feb 25, 2018 · 4 minute read · Tags: impersonation, scams, gift cards, social media
In keeping with previous trends surrounding impersonation accounts, scammers have begun to impersonate a variety of musicians, film, television and YouTube stars on Twitter in an effort to promote gift card spam.
Scammers All The Way Down
These scammers operate by replying to new tweets from a variety of accounts, filling the replies with spam. For instance, a recent tweet from Ellen DeGeneres (@TheEllenShow) in response to Michelle Obama (@MichelleObama) led to 8 replies from two separate impersonators of DeGeneres:
Love You Guys, Here’s Some Spam
The typical reply from an impersonator account consists of the phrase “Love you guys, here’s a gift from me.” This isn’t the only phrase, but it’s the most common one that I’ve observed thus far.
An impersonation account of Mariah Carey tweeted something different: “I have big surprise for you guys full of gifts just here ❤️”
Regardless of the contents of the reply, the premise is the same. Each reply contains a shortened link, typically using the Bit.ly URL shortener. I have also observed some shortened URLs using the Goo.gl shortening service.
Gift Card Affiliate Marketing Spam
All of the URLs observed in these campaigns lead to websites using the same basic template to promote a variety of gift cards as a lure to send users to an affiliate marketing site.
If a user clicks on any of the branded cards listed, they will be given options to “choose” a denomination for their gift card.
The website will then pretend to generate a gift card number. It will then prompt the user to click on a button in order to receive the key or code needed to use the so-called gift card.
As is the case with most affiliate-based spam, the button leads to a website that requires “human verification” in the form of completing a survey. As you might imagine, these surveys are vehicles for spammers to earn a commission from the affiliate programs. It is unclear exactly how much the scammers would earn from this particular affiliate program, but the programs are clearly lucrative enough for scammers to continue promoting them.
Shortened URL Statistics
An examination of the shortened URLs used in these campaigns shows that many of these impersonation accounts tend to reuse the same URL. This naturally led to one particular campaign having a larger volume of clicks, registering over 90,000 clicks at the time this blog was written.
There are a few other shortened URLs with a lesser volume of clicks, ranging from the hundreds to the thousands.
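The reply pattern and URL reuse described above lend themselves to a simple triage pass. The following is an added example, not code from the original post: it flags replies whose display name copies a protected account while the handle differs, then groups them by shortened link. The `GENUINE` mapping, the sample replies, the handles and the `EXAMPLE` links are all constructed placeholders.

```python
import re
from collections import defaultdict

SHORTENERS = {"bit.ly", "goo.gl"}            # shortener hosts named in the post
URL_RE = re.compile(r"https?://([^/\s]+)/([\w-]+)", re.I)

# Assumption: display name -> genuine handle for the accounts being protected.
GENUINE = {"Ellen DeGeneres": "TheEllenShow", "Mariah Carey": "MariahCarey"}

# Constructed replies; impersonator handles and short links are placeholders.
REPLIES = [
    {"handle": "ellen_fake_1", "name": "Ellen DeGeneres",
     "text": "Love you guys, here's a gift from me. https://bit.ly/EXAMPLE1"},
    {"handle": "ellen_fake_2", "name": "Ellen DeGeneres",
     "text": "Love you guys, here's a gift from me. http://bit.ly/EXAMPLE1"},
    {"handle": "mariah_fake_1", "name": "Mariah Carey",
     "text": "I have big surprise for you guys full of gifts just here https://goo.gl/EXAMPLE2"},
    {"handle": "TheEllenShow", "name": "Ellen DeGeneres", "text": "Thank you!"},
    {"handle": "some_fan", "name": "Some Fan",
     "text": "Great interview https://bit.ly/EXAMPLE3"},
]

def short_links(text):
    """Return host/path keys for links that use a known shortener."""
    return [f"{host.lower()}/{path}" for host, path in URL_RE.findall(text)
            if host.lower() in SHORTENERS]

def is_impersonator(reply):
    """Display name copies a protected account but the handle is not the real one."""
    real = GENUINE.get(reply["name"].strip())
    return real is not None and reply["handle"].lower() != real.lower()

def links_by_impersonators(replies):
    """Map each shortened link to the impersonator handles that posted it."""
    found = defaultdict(set)
    for reply in replies:
        if is_impersonator(reply):
            for link in short_links(reply["text"]):
                found[link].add(reply["handle"])
    return {link: sorted(handles) for link, handles in found.items()}

def reused_links(replies, min_accounts=2):
    """Links pushed by several impersonators, i.e. one campaign behind many accounts."""
    return sorted(link for link, handles in links_by_impersonators(replies).items()
                  if len(handles) >= min_accounts)
```

A link returned by `reused_links` is worth reporting to the shortening service as well as to Twitter, since a single takedown then covers every account that posted it.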
Variety of Accounts Impersonated
The impersonation accounts run the gamut in terms of industries. Below is a summary of the individuals who have been impersonated, sorted by their Twitter followers.
Username | Followers |
---|---|
@TheEllenShow | 76,900,000 |
@KimKardashian | 58,900,000 |
@ddlovato | 55,000,000 |
@Oprah | 41,600,000 |
@wizkhalifa | 33,100,000 |
@KylieJenner | 24,600,000 |
@imVkohli | 23,200,000 |
@MariahCarey | 20,700,000 |
@camerondallas | 16,000,000 |
@stephenfry | 13,100,000 |
@Zendaya | 12,700,000 |
@5SOS | 12,100,000 |
@Michael5SOS | 10,200,000 |
@chrissyteigen | 9,770,000 |
@halsey | 8,820,000 |
@troyesivan | 8,190,000 |
@danielhowell | 7,910,000 |
@jccaylen | 6,650,000 |
@gucci1017 | 6,170,000 |
@GraysonDolan | 5,700,000 |
@EthanDolan | 5,640,000 |
@shanedawson | 5,390,000 |
@dylanobrien | 4,950,000 |
@LoganPaul | 4,340,000 |
@LaurenJauregui | 3,900,000 |
@G_Eazy | 3,380,000 |
@RiceGum | 2,900,000 |
@milliebbrown | 2,090,000 |
@sza | 1,730,000 |
@DUALIPA | 1,610,000 |
@FortniteGame | 1,600,000 |
@JeffreeStar | 1,550,000 |
Please note this is not a complete list of accounts impersonated as campaigns tend to shift, so some impersonators may not have been observed.
Outlier Accounts Impersonated
While most of the impersonation accounts tend to belong to certain industries, a few outlier impersonation accounts include Indian cricket star Virat Kohli and the Twitter account for the video game Fortnite.
Possible Detection Evasion Technique Identified
While investigating these impersonation accounts, I noticed that most of them modified the profile image of accounts they are impersonating. It is my belief that this was done purposely to possibly evade automated detection by Twitter and its staff.
For example, Kim Kardashian’s current profile image looks like this:
Here are two profile images used by two different impersonation accounts:
The images above have a variety of alterations to the original image. This same tactic was used across many of the impersonation accounts, which sparked my theory.
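To illustrate why small edits to a profile image matter for automated matching, here is an added example that is not from the original post and makes no claim about how Twitter compares images. It contrasts an exact SHA-256 match with a difference hash (dHash), a perceptual hash chosen for this illustration; the three images are constructed pixel grids and `MATCH_THRESHOLD` is an assumed cut-off.

```python
import hashlib

W, H, BLOCK = 72, 64, 8      # 9x8 blocks of 8x8 pixels, giving 8 hash bits per block row
MATCH_THRESHOLD = 10         # assumption: <= 10 differing bits out of 64 means "same picture"

def original():
    # Constructed stand-in for a genuine avatar: textured light and dark tiles.
    return [[60 + 120 * ((x // BLOCK + y // BLOCK) % 2) + (x * 3 + y * 5) % 9
             for x in range(W)] for y in range(H)]

def altered(img):
    # Constructed lightly edited copy: brighter, slight noise, small white sticker.
    out = [[min(255, p + 15 + (x * 7 + y * 13) % 7 - 3) for x, p in enumerate(row)]
           for y, row in enumerate(img)]
    for y in range(4):
        for x in range(4):
            out[y][x] = 255
    return out

def unrelated():
    # Constructed different picture: a plain left-to-right gradient.
    return [[250 - 3 * x for x in range(W)] for _ in range(H)]

def sha256_of(img):
    # Exact-match fingerprint: any changed pixel yields a different digest.
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def dhash(img):
    # Difference hash: average each 8x8 block, then emit one bit per
    # horizontally adjacent pair of blocks (1 if the left block is brighter).
    bits = 0
    for by in range(H // BLOCK):
        means = [sum(img[y][x] for y in range(by * BLOCK, (by + 1) * BLOCK)
                     for x in range(bx * BLOCK, (bx + 1) * BLOCK)) / BLOCK ** 2
                 for bx in range(W // BLOCK)]
        for left, right in zip(means, means[1:]):
            bits = (bits << 1) | (left > right)
    return bits

def hamming(a, b):
    # Number of bit positions in which two hashes differ.
    return bin(a ^ b).count("1")

def same_picture(a, b):
    return hamming(dhash(a), dhash(b)) <= MATCH_THRESHOLD
```

On these inputs the exact digests of the original and the edited copy differ, while `same_picture` still pairs them and rejects the unrelated gradient.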
Impersonation Accounts On The Rise
Whether they are impersonating lottery winners or notable cryptocurrency figures, impersonation accounts have established a foothold in today’s social media scam landscape.
Reporting these impersonation accounts is still an important step, but it is ultimately up to the networks themselves to try to combat the rising tide of impersonators. The blue verified badge was designed to help identify authentic Twitter accounts. However, a recent report from BuzzFeed found scammers hijacked a verified account, pivoting to an impersonation account while exploiting a loophole to retain its verified badge.
A hat tip to my friend Andréa López for her contribution in kickstarting this investigation.