The Fake Diploma Forum Spammer - Internet Oddities

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

omg this is crazy good stuff, any follow up yet?

👍︎︎ 1 👤︎︎ u/clemens1337 📅︎︎ Nov 03 2019 🗫︎ replies

Captions

today there are a lot more digital filters to prevent spam posts from taking over online discussion almost every single website today has some form of human built-in verification process to combat the issue while spam is a whole certainly exists in many formas today its prolific to see one bot seemingly capable of taking over almost any website that it can and over the past year one bot seems to have done just that while I can't speak on how difficult it would be to create a bot like the one we're about to discuss what I can say is that this bot is created one of the most absurd rabbit holes I have ever seen by connecting almost every single forum on the Internet down the line we're gonna get to the software likely behind this spam but for now let me just explain the situation as most of you know forums are a main discussion platform on the web they're great for niche discussions in home to many communities recently however one new type of message seems to keep popping up in almost every single forum on the Internet now when I say almost every single forum I mean almost every single forum some of the forum's are big names like Nvidia while others are small like random e-commerce websites and so on this message doesn't even appear to be limited to forums - and the spam can be found on PDF documents randomly uploaded to websites paceman Tex reddit posts and even on comment sections basically anywhere this message can be posted the spot will go ahead and do that these somewhat new posts are always in Chinese and the one we're going to be looking into today it seems to target Chinese students studying abroad I stumbled upon this from a reddit thread which has now been deleted but for the sake of this let's just start with a spam account name and DL a high high low one if you google this user name or forum handle you'll see that it's spammed at quite a few places but for the sake of this the most notable one that I found was on an essential oil forum where it had posted over 1,500 times in just a few days now these messages from the spam bots advertised fake diplomas or faked college degrees I had never known about this but apparently fake diplomas are much common in China let's read an excerpt from the LA Times on the subject matter the competition for good jobs has made such counterfeiting a lucrative business and a headache for government and universities it appears to be thriving despite a government crackdown the widespread use of forged credentials has raised doubts in Western academic and business circles about the qualifications of Chinese students and job applicants it's also an embarrassment for Chinese universities striving for world-class status the state-run Chinese news media reported that the national census in 2004 did at least 600,000 more college or university graduates than the actual number of degrees awarded now with all that put into context let's look back at our spam post reading through the post you can see that it's targeted at Chinese students that are currently studying abroad and it's aimed to give students under pressure an easy way out I'm not gonna read through the entire post here but you can pause the video if you want to take a look they advertise embassy verification for students studying abroad and they also claim to handle the Ministry of Education website verification process for a fake diploma what I found particularly schemee is that one of the reasons for selling these forged documents is on the basis that the students are facing pressure from their parents or due to various reasons they're failing to graduate smoothly and could not get a real diploma I know you can buy knockoffs of basically everything in China but it's going a step further to falsify credentials on a government website if this is real this is a full-scale operation and the fact that something like this is just sitting out on almost every forum on the internet is really crazy to think about I decided I want to try to find the source of where the spot was coming from and after checking around with various usernames on stop form spam com it appears that this individual account is posting from different proxy to IP addresses on every single account something I should explain here is that all these posts want you to contact them by WeChat which is a chat service owned by $0.10 it's very commonly used in China and it's known by the same people who own League of Legends I said earlier this has created one of the biggest webs or rabbit holes on the Internet so let me explain how you can navigate through it to find more and more spam by searching the usernames on the forum posts it leads you to more posts about different colleges and individually references a contact number on WeChat basically if you search for that number on WeChat it leads you to more forum users and the cycle continues until you get to more we chat IDs and more spam accounts as I said previously I don't know how hard it would be to set up one of these bots as they get around CAPTCHA verification but I believe there is one commercial software that is sold publicly that could be behind all of this there is a forum spam bot that seems to have all of the features that we've seen thus far and it's called X rumor it's been around for a while and it's the only bot that I could find that seems to fit all the criteria of the one we're looking at not to mention it's the only forum spam bot that I could actually find that has a version in Chinese the Wikipedia page for X rumor reads the following X rumor is a piece of software made for spamming online forums and comment sections it is marketed as a program for search engine optimization it was created by bot master Labs it is able to register and post to forums with the aim of boosting search engine rankings the program is able to bypass security techniques commonly used by many forums and blogs to deter automated spam such as account registration client detection many forms of CAPTCHAs and emailed verification before posting the program utilizes socks and HTTP proxies in an attempt to make it more difficult for administrators to block posts by source IP and features a proxy checking tool to verify the integrity and anonymity of the proxies used something I should note is that I'm not a hundred percent certain that our spam poster is the same one using this exact software and however it does line up with almost all of the utilities involved now if we get back to our spam I honestly spent way too much time sifting through it looking for clues but I did manage to dig up a few notable discoveries when me and a few others in discord we're looking at this topic this rabbit hole honestly goes a hell of a lot deeper so just bear with me one of the usernames that is involved with the spam and goes by the name DL gufu and this was a notable find here we stumbled upon this profile on a website called Z who and it's a question-and-answer website this profile if he translated is overseas qualification consultant and E and here is probably the only incident that I could find of our spammer actually posting with human behavior DL gufu oa1 is involved with a various spam as well this is just one of his other accounts that he seems to have been using here if we look at his profile we can see that he's been banned for serious violations of community management regulations which I can only guess is just Community Guidelines translated poorly on his question-and-answer history these aren't his usual advertisements whatsoever here he is seen answering questions about certain diplomas and universities and how they will affect employment and other circumstances in some of the questions he even tells people that if they have a problem with the Diploma don't submit it or else it would get blacklisted I did manage to get in contact with this spammer and found even more juicy details about this and here is where this gets even more interesting I contacted the Andi guy and pretended to be a student interested in buying a degree I pretended I was a Chinese student studying in Australia and then I wanted to get a diploma for 2021 and I would also need accreditation he asked me a few questions and mentioned that I would need to put up a 30% deposit and that the Diploma would be shipped to me after a week what's notable here is that when I asked about payment methods they mentioned that they accept a leap a WeChat and Western Union now my best guess here is that if he paid with WeChat or Western Union they would just take the money and run as there's no accountability whatsoever this is like paying for something with friends and family over PayPal as far as I know we chat is meant for in-person sales in China it doesn't have any form of escrow service so if I sent him money he could just block me Western Union is also notorious for these scams but what's interesting is that they mentioned that they accepted Ali pay which does have an escrow service that holds the money until the actual item is received and I've actually used Ali pay in the past and disputing things is actually no problem whatsoever there could be some other angle with al pay that I'm not considering that would make this a scam I'm honestly not entirely certain of the case I definitely could see them taking the money and running in certain situations but the fact that they want a deposit upfront seems to be a little bit iffy as well they wanted a 30% deposit that what it cost about five hundred and forty six dollars but the fact that they offered Ali pay in tandem with the deposit seems to offer some form of legitimacy but fake diplomas are rampant China and they are much cheaper on the street than the ones that are being advertised here so I can't see this being legitimate and I can also see it being a scam like I said before but besides the point this topic does go way way deeper as I mentioned previously this is one of the biggest rabbit holes I've ever come across and by digging through random usernames we did manage to get lucky when we came upon one little discovery while we were digging through usernames a user in my discord by the name of Cairo managed to find something that seems to suggest this diploma spammer might be connected to another business as I mentioned previously this person who has been spamming also uploads PDF documents randomly on the internet something I should note about the use of PDFs is that they always use a QR code to advertise his WeChat but here's the thing the PDF documents seem to be uploaded by a human and I have reason to believe why here in a moment here we see our standard advertisements on this scribed account but notably he left one extra text document uploaded to this website what I believe happened is that this guy uploaded a batch from a file or folder at once and forgot that this text document was in that folder if you translate the name of the actual document he uploaded it reads novice posting email and due to the nature of this being run through Google Translate I'm guessing it means new posting emails this seems to suggest that there's an entire previous set of emails used for something else and you'll soon see why in a moment this 3 page text document lists some of the emails associated with the Diploma spam bot but we did manage to find even more but what's crucial here is that there's a little Easter Egg at the of this text document in this text document towards the bottom there is one random link included in its a n five eight five eight dot-com and if we go back to googling this individual domain name can you guess what comes up more and more spam but this time they're advertising something completely different these posts are in Korean and it appears to be advertising a Korean girl shop which is just poorly translated if you go down the rabbit hole here you'll notice that they're using cow cow talk IDs which is another type of chat service if you use the same method for sifting through the spam as I showed you previously it takes you down a rabbit hole of various four and five letter domains many of these websites are dead but eventually it all leads to one individual Korean massage service in South Korea by the name of Bo what's weird about do is that they use a random Wix websites all of which are cloned and using a different web address or a four or five letter domain this massage business also lists an actual location so it seems to suggest the person running the entire diploma forgery situation seems to also have their feet in an entirely separate illegal business using the exact same marketing tactic there could be a chance that this is just a person who set up the bot as a marketing service to shady companies but what seems to suggest against that is that Andy was commenting actively about the diplomas Anzhi who under one of the usernames found on the email list this shows that whoever andy is has the log in to the bots accounts and that these spam accounts aren't just entirely set up by a separate entity remember that all of these websites are hosted on random domain names that are four to six characters long and there is one other link that is found inside of this text document that this guy uploaded accidentally this is t 776 com and if you go to this website it takes you to a list of tons of domains for sale all of them are 4 to 5 letter combinations that seem to fit the exact criteria of what deal was setting up on there Wix websites this seems to suggest that whoever made these massage websites also planned on making more clone websites just like deal has and they actively pasted this domain store use for later on to top all of that off aan five eight five eight calm isn't even finished yet and the domain was purchased recently so my guess is that this was likely the next site that they were gonna set up I believe it it's very likely that this massage parlor is in direct connection defining whoever's behind the forgery service I'm about 90% certain they're connected but I can't say it definitively we don't know the entire context of why a in five eight five eight calm was put into this text document Andy or whoever is behind the bot could have been checking out what a competitor was doing I just don't want to make an absolute confirmation in case I missed a single detail to sum all of this up this is one hell of a rabbit hole that I've really only scratched the surface on with a bot you're basically able to create an endless supply of accounts that allows someone to go digging for years the amount of digging through nonsense just to acquire the information that I have got from this has been incredibly difficult and the text document was something likely an accident there may be something else to discover in these mountains of spam but for now this is where I'm gonna leave this topic this is just one of the most bizarre things I've ever stumbled across in terms of the internet and when it comes to scams there shady crap that you see spammed across the web I've never seen anything like this all in all like I said this is where I'm gonna leave the topic and this is barely sociable have a good night [Music]

Info

Channel: Barely Sociable

Views: 772,016

Rating: 4.9233408 out of 5

Keywords: Internet mysteries, internet oddities, rabbit hole, internet rabbit hole, internet mysteries, unsolved mysteries, analysis, fake college degree, fake degree

Id: xEeyLDTAkK8

Channel Id: undefined

Length: 15min 0sec (900 seconds)

Published: Fri Nov 01 2019