Security

YouTube warns users to be vigilant of a phishing scam

Brendyn Lotz

5th April 2023

An old method of sharing YouTube videos is being used by scammers to spread a phishing campaign.
The scam leverages YouTube’s own systems in a bid to get folks to click a link that could compromise their security.
YouTube has warned users to exercise caution while it investigates this attack vector.

There are several ways to spot a phishing scam but a new scam that seemingly makes use of an old method of sharing YouTube videos is impressively deceptive.

At the weekend, content creator Kevin Breeze shared screenshots of an email they had received purporting to be from YouTubeTeam. At first Breeze claimed that the no-reply@youtube.com email had been spoofed. What had actually happened is that the attacker abused an old version of YouTube’s video sharing to spread what appears to be a phishing campaign.

Be careful. Session hijackers are now spoofing the YouTube email address!

This is very serious. Don’t fall for it. @YouTubeLiaison pic.twitter.com/i2htCztPLH
— kevin breeze (@KevinBreezeTV) April 2, 2023

The email was of a video that had been shared with Breeze from an account named YouTubeTeam, a poor attempt at emulating the Team YouTube moniker the firm uses. The video that was shared is titled “Changes in YouTube rules and policies | Check the Description”. The video however, is unimportant as it simply serves as the vehicle to send the actual attack contained in the description. The text there claims that there is a new monetisation policy along with new rules that the recipient must accept in writing.

The target is then directed to download a file for their review which is likely where they are asked for login information or they download a malicious file. This attack is however, seemingly concerning enough for YouTube to be actively investigating the matter.

The official Team YouTube account on Twitter warned users of the phishing campaign above and urged folks not to download or access files that are contained in the email. The platform also directed users to a support page that highlights tips to keep your account safe.

There is good reason that YouTube is taking this so seriously. The platform and its creators have recently been the target of session token attacks which are borne from phishing attacks like those outlined above. These session token hijacking attacks recently impacted tech YouTube channel Linus Tech Tips. You can hear more about the attack and how they recovered from it in the video below.

All of this serves as a reminder to remain vigilant, even if an email looks like it comes from a legitimate source. Should you be asked to respond to a notice from an online service you use, we recommend heading to that service directly and checking the source.

Above all, exercise caution when downloading any files, especially from a sender you don’t recognise. When receiving files from emails you do recognise, if you aren’t expecting it, ask the sender to confirm they sent it.

With YouTube offering monetisation to more creators, it’s likely that the frequency of attacks targeting these creators and trying to leverage their audience to spread scams will increase. It would do us all well to become acquainted with the many ways scammers target us online, for the sake of our own safety.

⚠️ heads up: we’re seeing reports of a phishing attempt showing no-reply@youtube.com as the sender

be cautious & don’t download/access any file if you get this email (see below)

while our teams investigate, try these tips to stay safe from phishing: https://t.co/x9Ysnm9SSm https://t.co/MNQtrB7zbx
— TeamYouTube (@TeamYouTube) April 4, 2023

About Author

Brendyn Lotz

Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.