HQ/EMEAFind out how we can help your business
One of the world’s biggest video-sharing platforms, YouTube, has become the subject of a newly discovered phishing scam. The scammers in this campaign found a new method to fool YouTube users and content creators through the ‘Share Video by Email’ feature.
The alleged video-sharing feature distributes phishing emails that seem legitimate, which is enough to deceive unknowing users. The streaming platform has become aware of these incidents and warned its users.
YouTube is investigating the new phishing scam utilising the authentic “no-reply@youtube[.]com email address to bait users into providing their login details.
YouTube revealed on social media that the phishing scam contains seemingly legitimate emails.
In a Twitter post, YouTube revealed that the phishing scam spreads legitimate email addresses from an authentic YouTube account. Moreover, the compromised email appears to come from YouTube, with the earlier-mentioned email address.
A social media content created first alerted the video-sharing company about the new phishing scam. The content creator also posted on social media that the attack did not use an impersonated email but rather an exploit of YouTube’s email.
This detail implies that the scammers could abuse YouTube’s sharing feature to distribute phishing emails. Furthermore, the email’s content is like those common phishing scams, including a YouTube video and a message notifying users about the company’s new monetisation policy and guidelines.
Furthermore, the email also contains a Google Drive link that is password-protected. The email then advises users that they only have a week to review and respond, or their YouTube access will face restrictions. The strategy allowed the phishing actors to put pressure on the account users.
If users access the attached document on the phishing email, they could lose ownership of their accounts since the hackers will take over. The attack could also hijack Gmail accounts since most YouTube owners link them to Gmail.
Content creators should be cautious about these compromised emails. Experts advise that users should minimise responding to such emails to avoid these scams.
