YouTube is investigating and warning users of a new phishing scam that has been using its authentic firstname.lastname@example.org email address to lure users into giving away their login credentials.
YouTube, one of the world’s largest video-sharing platforms with billions of users, has become a target for phishing attacks. Scammers have found a new way to trap YouTubers through the platform’s Share Video by Email feature, which sends out phishing emails that look authentic. YouTube has become aware of this trend and is warning users to be cautious.
In a recent tweet, YouTube revealed details about a phishing scam where emails are being sent from an authentic YouTube account. The malicious email appears to be sent directly from YouTube, with the email address email@example.com.
Social media content creator Kevin Breeze alerted YouTube about the new phishing scam and tweeted that it is not a spoofed email but rather an abuse of the video-sharing system. This suggests that scammers are exploiting the platform’s sharing system to send these emails.
The phishing email content is similar to those seen in previous phishing scams, containing a YouTube video and a message informing users about YouTube’s new monetization policy and new rules.
The email also includes a Google Drive link that has a password to open it. To instil urgency, users are told they have only 7 days to review and respond, otherwise their YouTube access will be restricted.
If users open the document and enter the required information, they may actually lose access to their YouTube account because it will be hijacked by scammers. This is especially concerning as most YouTube users log in using their Gmail accounts. If their YouTube account gets hijacked, their Gmail data will also be stolen.
⚠️ heads up: we’re seeing reports of a phishing attempt showing firstname.lastname@example.org as the sender
be cautious & don’t download/access any file if you get this email (see below)
while our teams investigate, try these tips to stay safe from phishing: https://t.co/x9Ysnm9SSm https://t.co/MNQtrB7zbx
— TeamYouTube (@TeamYouTube) April 4, 2023
To stay safe, users are advised to be cautious and vigilant. They should avoid responding to messages sent by unknown senders, review emails carefully even if they are sent from the company’s official email address, and enable two-factor authentication.
In a comment to Hackread.com, Vonny Gamot, Head of EMEA at online protection company, McAfee said “Although the sender address appears to look legitimate, there are some tell-tale signs that the email is a scam. The 7-day countdown is a classic tactic from cybercriminals who often try to create a sense of urgency in a bid to make people act quickly without double-checking.”
Vonny emphasised that “You should never feel pressured into acting and always hover over any links before clicking on them to ensure the URL is correct as secure websites begin with “HTTPS,” not just “HTTP.”
“That extra “s” in HTTPS stands for “secure,” which means that it uses a secure protocol for transmitting sensitive information like passwords and credit card numbers. It often appears as a little padlock icon in the address bar of your browser,” Vonny added. “If ever in doubt over the legitimacy of an email or link, don’t engage with it and go direct to the source.”
Additionally, users are encouraged to use the best antivirus software to protect their devices against malware. YouTube may also need to temporarily disable the Share Video by Email feature to prevent exploitation by hackers.
This new phishing scam is a reminder that even the most popular and trusted platforms are not immune to cyber threats. It’s important for users to be aware and take steps to protect themselves from these types of attacks.