HQ/EMEAFind out how we can help your business
Newly discovered phishing attacks are using AI-generated videos of the YouTube CEO to steal creator credentials.
Reports revealed that threat actors are emailing private videos to targeted subscribers. These emails contain a notification about the changes in YouTube’s monetisation strategy.
This popular online video-sharing platform warns the public through a pinned post on its official community website that it is aware that phishing operators have been using private videos to deliver bogus videos, including an AI-generated video of YouTube CEO Neal Mohan announcing monetisation changes.
The platform reminds its users that the company and its employees will never contact or exchange information via a private video. If a video is shared privately with you and claims to be from YouTube, it is a phishing scam.
The phishing attacks that used AI-generated video also included a similar warning.
According to investigations, the emails in the phishing attacks have also disclosed a similar warning that YouTube posted.
The campaign also stated that it would never disclose information or contact users through private videos, asking recipients to report the channel that sent the emails if it appears suspect.
The video description linked in the phishing emails instructed those who opened it to click a link that redirected them to a page where they were asked to confirm the updated YouTube Partner Program (YPP) terms to continue monetising their content and accessing all features by signing into their account.
However, the landing page is intended to steal their credentials instead. The scammers employ a tactic that makes the targets feel a sense of urgency by threatening to disable their accounts for seven days if they do not confirm compliance with the new rules and provide their credentials.
Once these targets provide the credentials, the scam will inform them that their channel is pending and direct them to the document in the video description for all relevant information.
YouTube viewers have been receiving such emails since late January, and the YouTube team claims it started monitoring the campaign in mid-February.
YouTube advises users not to click links featured in malicious emails, as they could lead to phishing sites that can steal their credentials or infect them with malware.
