Fraudulent Subscription Reseller Ads on Social Media

Doppel Detection Engineer Matt Kaneb sheds light on the growing issue of subscription reseller ads plaguing social media platforms.
Doppel Team
May 12, 2025

Fraudulent subscription reselling ads on social media have proliferated in recent years, and have raised the ire of the Doppel Detections team.

In a recent interview, Doppel Detection Engineer Matt Kaneb shed light on the growing issue of subscription reseller ads plaguing social media platforms, particularly Facebook. Kaneb detailed the intricacies of these scams, explaining how they operate and their impact on both consumers and subscription-based companies.

An Example of Subscription Reselling

According to Kaneb, these resellers exist in a "legal gray area" by acquiring subscriptions to various services, ranging from streaming platforms like Netflix to software like Photoshop and AI tools such as ChatGPT, and then reselling access to these subscriptions on platforms like Facebook.

"These resellers acquire subscriptions for products, think Netflix, Photoshop, ChatGPT, anything with a subscription service," Kaneb explained. "They secure them and then they sell access to them to people on Facebook."

These resellers employ marketing tactics like offering temporary access at discounted rates.

"If you need Netflix for a few months, they can give you someone's account to use for a month and you pay $2 instead of $8," Kaneb noted.

Another tactic involves bundling various subscriptions together.

"Often they do these student bundles that give you ChatGPT and Grammarly and Turnitin, and maybe others like Quizlet and Coursera," he added.

Credential Leaks Fuel Resellers

The source of these subscriptions is often questionable, and sources of login credentials likely include leaked information purchased on the dark web, Kaneb said.

"There's big data sets of usernames and passwords that get leaked and they give them a try," Kaneb said. Password sharing is also an issue.

Kaneb emphasized the impact of these scams on legitimate companies.

"It is literally taking money out of the pockets of these streaming companies," Kaneb said. Quarter-over-quarter user growth goals are difficult to achieve with users obtaining leaked credentials and sharing passwords.

According to the Doppel Detections team, this issue is widespread, affecting various sectors.

These insights highlight the complexity and scale of the fraudulent subscription reseller issue, underscoring the need for vigilance from both consumers and companies.

[Image: Another example of likely fraudulent subscription reselling on social media.]

10 Things to Know About Fraudulent Subscription Resellers

Along with Kaneb, we interviewed a former user of subscriptions resold on social media. Here are 10 attributes the user identified regarding this attack type:

1. Advertising and Marketplaces: Fraudulent resellers advertise their services on various platforms. These platforms include:

  • Google Search results
  • Twitter
  • Social media forums and marketplaces
  • Potentially Facebook Marketplace

2. Initial Contact: Potential buyers contact the sellers through direct messages on social media platforms like Twitter or via forum postings.

3. Offers and Guarantees: Sellers offer heavily discounted subscriptions (up to 70% off). They may also:

  • Promise working accounts for specific periods (e.g., up to six months).
  • Provide replacement guarantees if the initial account doesn't work, offering multiple alternative accounts.

4. Payment Methods: Payments are often requested through non-traditional methods, such as:

  • Cryptocurrency
  • PayPal
  • Cash App

  Credit card or traditional fiat currency payments are typically not accepted.

5. Account Delivery: After payment, sellers provide usernames and passwords for the subscription services.

6. Support and Replacements: Sellers often offer prompt customer service, providing replacement accounts if the initial ones do not work. This can create an impression of a legitimate operation.

7. Source of Accounts: The accounts provided are likely stolen credentials. Sellers may acquire these credentials through:

  • Purchasing data leaks in bulk from the dark web.
  • Conducting credential theft themselves.

8. Operations: The resellers often appear to run organized operations with support teams providing 24/7 coverage to fulfill orders and support requests promptly.

9. Communication: Communication with sellers is often in good English, typically through platforms like Telegram, forum sites, or social media channels.

10. Business Model: The business model thrives on providing discounted services by leveraging stolen credentials. This enables them to offer significant discounts as they are not incurring the original cost of the subscriptions.
