Website security audit specialists reported the presence of a new fraudulent campaign directed against emergent YouTube content creators. According to reports, some YouTubers are receiving a supposed message from the video platform about a request for monetizing the content of the channel.
“We have evaluated your channel and have detected
some anomalies in your account reviewing process”, mentions the text,
backed by the alleged official YouTube logo. The message concludes by asking
the user to re-enter their data and answer the email to complete the account
Through Twitter, the user @TeslaJoy, which has a YouTube channel with over 3k subscribers, alerted other content creators: “I received a phishing email from the following address: [email protected]; Please do not respond and report it to Google”.
According to website security audit experts,
among the data that the campaign operators are asking the content creators are:
address linked to the channel
Affected users claim that these fake
notifications arrive via email, regardless of whether the email address linked
to the YouTube channel is different from the personal account of the affected
As soon as this information is under control of
the threat actors, it will be used to try to take over the YouTube channel and
other victim-owned online platform accounts. The attackers could use these
compromised platforms to promote fake giveaways, demand money in exchange for
services that will not be provided, among many other malicious activities,
mention the website security audit specialists.
Experts from the International Institute of
Cyber Security (IICS) highlight that YouTube does not request email passwords
to channel owners. As a security measure, specialists always recommend to
review in detail any suspicious-looking messages or where confidential data are
requested. Enabling multifactor authentication for Google accounts is also a
good option to protect your YouTube channel and email account.