New Scams


Scams have been on the rise recently, particularly on YouTube. YouTube scams typically involve fraudsters creating fake accounts or channels, promising easy money, selling fake products or services, or posing as popular creators to trick viewers into providing personal information or money. These scams can take the form of phishing emails, comments, or direct messages, and they frequently target vulnerable or naive users.

How does this work?

RTLO is a Unicode character that changes the text display direction from left-to-right to right-to-left. It can be used to display text in languages such as Arabic and Hebrew, but it can also be used by scammers to create legitimate-looking file names.

In a typical RTLO-based scam, the attacker creates a file with a legitimate-looking name that contains RTLO characters that conceal the file’s true extension. For example, the attacker might create a file with a name like “document.pdfexe”. The RTLO character is added after the “.pdf” extension, causing the file to appear to be a PDF file but actually having an executable “.exe” extension.

When a user downloads and opens the file, it is executed as an executable file, which allows the attacker to run malicious code on the user’s system. This is a common technique used in phishing attacks to trick users into downloading and running malware.

The use of RTLO characters can make it difficult for users to detect fraudulent file names because the text appears to be legitimate, but the hidden characters can alter the true nature of the file. Furthermore, because Windows operating systems are not designed to handle RTLO characters, security software has a difficult time detecting such files.


To avoid this type of scam, users should avoid downloading files from untrusted sources, be cautious of files with unusual extensions, and keep their security software up to date. Furthermore, users can use tools that scan files for suspicious characters, such as those used in RTLO-based scams.

that’s it <3