Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- in the video, you see that the email is sent with an alias (business@ubisoft.com via lifeleadership.com) this means it is created using something called an alias (explained later) this makes me believe that someone sent an email to Ubisoft business with their channel pretending to want a sponsorship, however, they didnt want a sponsorship. the link clicked would ask for a log-in. Ubisoft employee would have logged in and seen no channel. then the scam starts, they just logged into an API which allows itself to create something called "aliases" or at least in gmail they are called that. this allows them to make any email from the email's domain. then, the API creates an Alias with the name "business" this creates the email address "business@ubisoft.com"; this explains why it is sent via lifeleadership.com, its because that is the original emails alias, "[unknown name]@lifeleadership.com". then, the scammers get a bot to sift through every channel with 100k subs with a business email attached. then they send out an email to the majority of people that they found. they send an email using some legitimate-looking HTML, they probably just signed up to a newsletter from Ubisoft and copied the HTML and changed what it said. Then, they make the button you click on to download the game a link from a domain looking like an Ubisoft domain. you dont see the link due to it being a button, not text (as seen in the attached image). this is where it gets a little bit of a guessing game, as i do not have the link to monitor what it does. what I assume happens upon clicking the link, is it redirects you to a site that pulls all your web cache and cookies and looks for the "youtube" cookie/ cache file. it then sends that through to a website through a webhook and redirects you again to a page on the Ubisoft website, probably found by right clicking the trial download to Far-Cry 6 and copying the link address, this is why it shows as expired, their servers cannot handle to keep every single link created, so they expire after 30 minutes or so. and then all the hackers do is replace their the cookie/cache file with the victims. emulating their chrome browser, allowing them to go to youtube and have it look exactly like Scrizmox's, because chrome doesnt know any better, it literally thinks because the cookie is the same, its the same chrome application. they then create a Stream Event Called "This is The Ripple XRP Price After It Wins the Lawsuit Against the SEC!! (This is HUGE)" then, they get the stream key (a 24 digit code that you paste into your streaming software, allowing it to stream live) they get the stream key, and buy a 24/7 livestreaming server and give it the stream key and the looping video of the scam. they then private all the videos through the browser and then rinse and repeat until they get bored or decide to stop.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement