23 Jan
2020

Kasper VPN scam: YouTube urged to combat fraudulent ads featuring third-party brands

  • Illicit adverts on YouTube are using third-party brands to scam users
  • Most common is using popular video games to trick users to download apps
  • In worst cases, users are being tricked out of significant sums of money

Google’s video platform YouTube is being pressed to tackle the problem of scam adverts that use popular brand names to lure viewers to download unverified (and potentially malicious) phone apps. The fraudulent activity, identified by WTR, is being viewed by hundreds of thousands of people and – due to the ads being unlisted from search results – is a difficult issue for brand owners to enforce or monitor.

The issue of fraudulent and misleading ad campaigns on YouTube takes many forms. One example, which ran last week, is a promoted video that promises users free access to the popular video game Grand Theft Auto 5 (GTA V) on mobile devices (Android and iPhone). To clarify, GTA V is a console game and a mobile version does not exist. In the video, users are told to access a website to download an unverified app purporting to be the full video game (although it has a file size of just 18mb). Once downloaded, the video claims that users must then download and sign-up for a free trial to another app, ‘Kasper VPN’, to access the full game. However, users that sign-up for the Kasper VPN free trial will automatically be charged an annual subscription fee of $99.99 after three days (even if the app is deleted) – a fact not mentioned in the promoted video.

When WTR identified this advert, it had received over 118,000 views (screenshot). After contacting Google about it, the video was removed – although screenshots are available of the contents of the video (here). Furthermore, the website referenced in the video to download the unverified app (‘gtadown.com’) is still online, suggesting the campaign is ongoing.

The GTA V ad on YouTube has been viewed at least 118,000 times

It is clear from looking at the Kasper VPN app on the Google Play Store that there are numerous victims, with hundreds of one-star reviews, many stating that they have been unwittingly charged $99. “It’s a fraudulent scam and uses another app (GTA V) as its bait,” says one user, with another saying, “total scam – was downloading for human verification for another app (GTA V) and didn't grant me access to the game.” Incidentally, many of the five-star reviews are suspiciously similar (including use of repeated language, eg, 'unique solution for all your privacy related concerns' – screenshot).

Elsewhere in the one-star reviews for Kasper VPN, there is evidence of more fraudulent ad campaigns. Specifically, dozens of users claim to be have signed up to the app after trying to access a mobile version of Apex Legends (another popular video game). “Scam – YouTube ad told me to download this in order to play Apex Legends [on] mobile which isn't even a thing,” said one reviewer, and another said: “I was scammed into downloading this app to get access to Apex Legends on mobile.”

Social media threads suggest this Apex Legends ad campaign first took place in April 2019 and continued until at least a month ago. Like the GTA V scam, a website is used to download an unverified app (which is still online at ‘legendsmobile.com’ and includes artwork and screenshots from Apex Legends and the logo of video game development company Respawn Entertainment) and then directed to download/sign-up for Kasper VPN to access the game. On a Reddit thread, users claimed to have seen similar campaigns using other third-party brand assets (including Call of Duty, Fortnite, Mario, Pub G, and PlayStation), with some urging Google to take action. “YouTube ads have been severely breaking copyright laws for months,” said one user, with another adding: “It's pretty bad – it's not really obvious if you are young either [as it] it looks pretty legit except you have to start a ‘free trial’ for a VPN.”

For its part, a representative for Kasper VPN denies that it operates any fraudulent ad campaigns – and blamed “someone who is part of our affiliate campaign”. Asked further about this, the spokesperson explained to WTR: “We have various affiliate campaigns who reach potential affiliates using various affiliate networks we have partnered with. Just like other VPN companies, we pay our affiliate networks anywhere from 0.02 to 0.1 USD per install depending on the user's country. This is a standard practice in the industry and does not violate Google Play or any of the advertising network's policies. We do not support this and have already asked our affiliate network partners to identify the affiliate behind this, and make sure it is removed and doesn't happen again.”

Turning to the numerous reports of users being unwittingly charged $99.99 after signing up to the free trial, the Kasper VPN spokesperson said that “all users are able to get a refund if they have not used our services within the first 48 hours of paid subscription”, expanding: “If any person subscribes to the trial and removes the app, they get a notification informing them they are still subscribed and a link to cancel the subscription to not be charged. Any user can cancel the subscription any time they want by going to their Google Play account.”

WTR contacted Google about why it allows ad campaigns that appear to use third-party brand names fraudulently. The spokesperson did not comment on-the-record. It is worth noting, however, that Google does have numerous ad policies that address misrepresentation and misleading content, copyright infringement, and trademark infringement. However, it appears that enforcement of these ad policies is broadly in the hands of affected IP owners – and as these YouTube ad campaigns feature videos that are ‘unlisted’ (meaning they do not appear in any of YouTube’s public spaces, including search results), then monitoring for such activity is severely limited.

For that reason, then, Google must consider taking more stringent, proactive action against such malicious ad campaigns that – in some cases – are duping users out of significant sums of money. For brand owners – especially in the entertainment and technology sectors – it is a problem that should be on enforcement radars.

Tim Lince

Author | Senior reporter

[email protected]

Tim Lince