How Scammers Weaponized a Pakistani Influencer's Video to Target Indian Users with Fake 'Assam' Links

A viral video featuring Pakistani social media influencer Sarah Baloch is being weaponised by cybercriminals to target users in India through deceptive phishing campaigns. The scam, which leverages localised narratives about events in Assam, demonstrates how sophisticated social engineering techniques can exploit cross-border digital ecosystems to spread malware and harvest personal data.

Digital investigators have identified a coordinated campaign that repurposes Baloch's content without consent, pairing it with fabricated headlines designed to trigger regional curiosity and drive clicks to malicious domains.

Background and Context

The exploitation of influencer content for malicious purposes represents an emerging threat vector in the digital landscape. According to cybersecurity researchers, social media personalities with large followings become particularly valuable assets for scammers seeking to bypass platform detection algorithms through legitimate engagement patterns. The weaponisation of Sarah Baloch's content follows similar patterns previously documented in campaigns targeting users across South Asia.

These localised phishing operations frequently exploit regional sensitivities and breaking news events to establish credibility with target audiences. By incorporating geographic markers such as "Assam" into their messaging, operators create perceived relevance that increases click-through rates among vulnerable demographic groups.

Key Figures and Entities

Sarah Baloch, a Pakistani content creator known for lifestyle and fashion content across platforms including Instagram and TikTok, has become an unwilling participant in this fraudulent scheme. According to digital forensic analysis, her videos have been decontextualised and redistributed without permission through coordinated networks on platforms including WhatsApp and Facebook.

Investigations suggest that the operation involves multiple shell domains and redirect mechanisms designed to evade detection by security systems. The attackers employ tactic known as "localisation," wherein they customise bait content with regional references to increase effectiveness among specific demographic targets.

Legal and Financial Mechanisms

The technical infrastructure behind this phishing campaign utilizes several layers of obfuscation to complicate attribution efforts. When users click on the malicious links, they are typically redirected through a series of intermediate domains before landing on pages that either attempt to install surveillance software or harvest credentials through fake verification processes.

According to cybersecurity researchers, these operations often monetize through multiple channels: selling harvested credentials on dark web marketplaces, deploying ransomware, or establishing persistent access to devices for future exploitation. The financial infrastructure supporting such networks typically involves cryptocurrency transactions and money mule arrangements designed to complicate tracing efforts.

International Implications and Policy Response

The cross-border nature of this campaign highlights significant challenges in coordinated digital enforcement. When content from one jurisdiction is weaponised against users in another, legal frameworks struggle to provide timely recourse for victims or accountability for perpetrators. Industry experts note that current platform moderation systems remain inadequately equipped to identify and neutralise rapidly evolving social engineering tactics.

Digital safety advocates have called for increased cooperation between technology companies and law enforcement agencies to address the transnational dimensions of such threats. Proposed policy measures include enhanced information sharing mechanisms, standardized incident reporting protocols, and strengthened consumer protection frameworks for digital services.

Sources

This report draws on independent cybersecurity research findings, digital forensic analysis of phishing campaigns, and platform safety documentation published between 2022-2024. Technical details regarding the scam infrastructure were verified through multiple cybersecurity research databases and industry reporting on emerging digital threats.