Scammers Use Old YouTube Feature To Run Phishing Scam from Legitimate Emails

Tyler Cross Tyler Cross

A new phishing campaign has been targeting YouTubers and could result in them losing their entire accounts.

Perpetrators are taking advantage of an old feature to send out phishing emails from a legitimate source. Unlike traditional phishing scams, which are easily detectable by most cybersecurity tools or spam filters and typically come from obviously fake email addresses, this one used the valid email, no-reply@youtube.com.

The email includes a Google Drive link and usually prompts readers to react quickly, being told that they only have seven days to respond or something else that puts pressure on them. This is a standard tactic used by social engineering scams in order to convince people to click a link they’d otherwise ignore.

If the YouTuber opens the drive and submits the requested information, they could have their entire accounts stolen from them right under their noses.

Because of how Google accounts are interconnected, if the hackers can take control of someone’s YouTube account, they can also control their Gmail account and get access to all sorts of confidential data.

Once they have access to your Gmail account, they can also reset passwords on certain websites, can gain access to financial information, or sell your information on online black markets.

“You should never feel pressured into acting and always hover over any links before clicking on them to ensure the URL is correct as secure websites begin with “HTTPS,” not just “HTTP,” says Vonny Gamot, Head of EMA. The “S” at the end of HTTPS stands for secure, so if you look out for this, you ought to be able to tell when a website is suspicious.

Social engineering scams continue to grow more complex, so even links from legitimate sources should still be carefully vetted. YouTube is already aware of this threat and is taking action to stop it.

About the Author

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends."