How to Protect Your YouTube Account From the Newest Phishing Scam

Photo: Diego Thomazini (Shutterstock)

Hackers have been able to get past two-factor authentication and hijack YouTube channels, and the attacks are a concern for everyone online. Phishing attacks against YouTube video creators have been documented in a new report from Google’s Threat Analysis team. Thousands of channels were successfully taken over by hackers, who either sold them or used them to perpetrate financial fraud on the channels’ audiences.

Google says it is actively working to combat the issue and has already restored a large number of channels, but the campaign makes clear that cybersecurity practices on YouTube and everywhere else are critical.

A new phishing scheme on YouTube has been discovered

Though the perpetrators of the attack remain unidentified, the campaign’s members are said to have been recruited on a Russian-language discussion board. While we do not know exactly who was responsible, we do know that the hijackings were carried out through “cookie stealing” techniques.

Unlike phishing schemes that use phony login pages, malicious links, or other ways to steal personal data, cookie theft attacks target the cookies that a browser saves when you’re signed into a website or service.

An attempt to steal a user’s login cookies can only succeed if the user is still signed in and has not cleared their cookies first. Someone who holds the login session cookies does not have to log in at all, which sidesteps second-layer checks such as two-factor authentication (2FA) codes, security questions, or USB security keys. Because YouTube recently began requiring 2FA logins for all creators on the platform, cookie theft is now one of the few feasible options remaining for cybercriminals.
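Seen from the service's side, the second factor is checked once at login and the cookie alone identifies the user afterwards, so a defender has to watch how the cookie is used. The sketch below is an added example, not code from Google or from this article: it pins the client context seen at login to each session and flags the cookie when it reappears from somewhere else. The log records, field names and the `review_sessions` function are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    ts: str          # ISO timestamp
    session_id: str  # value of the session cookie
    ip: str
    user_agent: str
    action: str

# Constructed sample log: session "s-41f0" starts with a 2FA login, then the
# same cookie value shows up from a different network and browser.
SAMPLE_LOG = [
    Request("2021-10-20T09:00:00", "s-41f0", "198.51.100.7", "Firefox/93 (Windows)", "login_2fa_ok"),
    Request("2021-10-20T09:05:10", "s-41f0", "198.51.100.7", "Firefox/93 (Windows)", "upload_video"),
    Request("2021-10-20T09:40:02", "s-41f0", "203.0.113.66", "Chrome/94 (Linux)", "change_recovery_email"),
    Request("2021-10-20T09:41:30", "s-41f0", "203.0.113.66", "Chrome/94 (Linux)", "rename_channel"),
    Request("2021-10-20T10:00:00", "s-9c2b", "192.0.2.15", "Safari/15 (macOS)", "login_2fa_ok"),
    Request("2021-10-20T10:02:00", "s-9c2b", "192.0.2.15", "Safari/15 (macOS)", "upload_video"),
]

# Hypothetical set of actions that should never ride on a cookie alone.
SENSITIVE = {"change_recovery_email", "change_password", "rename_channel"}

def review_sessions(log):
    """Return (alerts, decisions). The client context seen at login is pinned
    to the session; a later request from another context raises an alert, and
    a sensitive action from it is answered with a re-authentication demand."""
    pinned, alerts, decisions = {}, [], []
    for r in log:
        ctx = (r.ip, r.user_agent)
        if r.action == "login_2fa_ok":
            pinned[r.session_id] = ctx           # 2FA was verified here, once
            verdict = "allow"
        elif r.session_id not in pinned:
            verdict = "deny"                     # cookie the server never issued
        elif pinned[r.session_id] != ctx:
            alerts.append((r.ts, r.session_id, r.ip, r.action))
            verdict = "reauth" if r.action in SENSITIVE else "challenge"
        else:
            verdict = "allow"
        decisions.append((r.ts, r.session_id, verdict))
    return alerts, decisions

if __name__ == "__main__":
    for alert in review_sessions(SAMPLE_LOG)[0]:
        print("ALERT session cookie reused from new client:", alert)
```

A changed IP address or browser string also happens for legitimate reasons (mobile networks, browser updates), which is why the mismatch leads to a challenge or re-authentication rather than an outright block.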

Like other phishing and malware attacks, a successful cookie theft requires the user to download and install harmful files or programs on their computer. To accomplish this, the hackers used email to deceive people into signing up for fictitious but plausible advertising partnerships.

Some of these “partnerships” asked the YouTuber to “review” VPNs, anti-virus applications, or video games, for example. YouTubers who agreed to test the product were emailed a malware-infected file that stole their channel login cookies. Anti-malware and anti-virus software could not decrypt the files, so they could not be intercepted before they reached the user’s machine.

With the cookies in hand, the hackers could take over the channel without ever having the channel’s login or password. The hijacked channels could then be used to launch fake donation drives, cryptocurrency schemes, and other financial frauds aimed at the YouTuber’s following. The gang has also occasionally auctioned off smaller channels to other hacking groups for anywhere from $3 to $4,000.

What you can do to ensure your own safety

According to Google’s report, phishing emails on Gmail have been reduced by 99.6 percent since May 2021, and the company’s staff blocked 1.6 million messages, more than 62,000 phishing sites, and 2,400 dangerous files. Google also alerted the FBI to the hacking activity.

YouTube said it has successfully restored about 4,000 accounts affected by this issue. For people who were duped by the fraud, this is excellent news, but these figures show exactly how big (and dangerous) phishing schemes are. It’s for this reason that we always recommend 2FA for all of your online accounts. This is an excellent moment to enable the feature on YouTube if you haven’t already.

Admittedly, this specific phishing campaign shows that 2FA protection can be bypassed, and that no cybersecurity measure is foolproof. However, 2FA and unique passwords for each account make it far more difficult for hackers to gain access in the first place.

Read our guide on online scams to avoid the most common traps that let hackers into your devices and data, and don’t forget to run regular virus and malware scans, as well as activate your browser’s most secure browsing mode. Google’s report includes a list of sites the hacking gang used in its attacks, which should be added to the block list in your browser or anti-malware app.