The scammers attack content creators by sending them emails claiming that YouTube is about to change its monetization policy with embedded links to private videos.
“We’re aware that phishers have been sharing private videos to send false videos, including an AI generated video of YouTube’s CEO Neal Mohan announcing changes in monetization. YouTube and its employees will never attempt to contact you or share information through a private video. If a video is shared privately with you claiming to be from YouTube, the video is a phishing scam,” – YouTube.
According to Bleeping Computer, the irony is that the phishing emails warn victims that YouTube will never share information or contact users via private videos and prompt the recipients to report the channel sending such emails if they look suspicious.
YouTube contributors have been receiving such letters since late January; in mid-February, YouTube launched an investigation into this phishing campaign.
The description of the video linked in the phishing emails prompts the recipients to click on the link that brings the victim to studio.youtube-plus[.]com. On this page, the users are asked to log into their accounts and “confirm the updated YouTube Partner Program (YPP) terms to continue monetizing your content and accessing all features.” In reality, this sole purpose of this page is to steal credentials.
After entering their credentials on the phishing page, the victims are notified that the “channel is now pending”. The creators are recommended to “open the document in the video description for all the necessary information.”
Interestingly, the scammers are trying to create a sense of urgency by threatening victims that their accounts would be restricted for 7 days if they fail to confirm compliance with the new rules. Allegedly, the restrictions would prevent content creators from uploading new videos, editing old videos, receiving monetization, and receiving earned funds.
YouTube warns all its users against clicking on links embedded in such emails, as they likely lead to phishing sites where cybercriminals will attempt to steal their credentials or infect them with malware.
According to reports, plenty of content creators have already fallen victim to such attacks; in many cases, the malefactors use hijacked channels to broadcast live cryptocurrency scam streams.
2025.02.18 — Chrome Enhanced Protection mode is now powered by AI
The Enhanced Protection mode in Google Chrome has been updated. Now it uses AI to protect users from dangerous sites, downloads, and extensions in real time.…
Full article →
2025.03.24 — Alexa to stop processing data locally. All voice requests will be sent to Amazon Cloud
Amazon announced that the privacy option allowing users of Echo speakers to avoid sending their voice recordings to the company's cloud will no longer be supported. Effective March…
Full article →
2025.04.04 — Privilege escalation vulnerability in Google Cloud resulting in sensitive data leaks finally patched
Tenable Research revealed details of a recently patched privilege escalation vulnerability in Google Cloud Platform (GCP) Cloud Run enabling an attacker to gain access to container images…
Full article →
2025.03.18 — Black Basta ransomware group developed its own automated brute-forcing framework
According to EclecticIQ, Black Basta Ransomware-as-a-Service (RaaS) group has developed its own automated brute-forcing framework dubbed BRUTED. It's used to hack edge network devices…
Full article →
2025.04.10 — April updates released by Microsoft cause issues with Windows Hello
Microsoft warns that some Windows users who have installed the April updates might be unable to login to their Windows services using Windows Hello facial recognition…
Full article →
2025.04.23 — Improper authentication control vulnerability affects ASUS routers with AiCloud
ASUSTeK Computer Inc. fixed an improper authentication control vulnerability in routers with AiCloud. The bug allows remote attackers to perform unauthorized actions on vulnerable devices. The issue…
Full article →
2025.03.26 — Cloudflare to block all unencrypted traffic to its APIs
According to Cloudflare, effective immediately, only secure HTTPS connections to api.cloudflare.com will be accepted; while all HTTP ports are to be closed. The purpose of this decision…
Full article →
2025.04.15 — Hackers exploit authentication bypass bug in OttoKit WordPress plugin
Hackers exploit an authentication bypass vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin used by more than 100,000 websites. First attacks were recorded just…
Full article →
2025.04.12 — Hackers compromised a bureau within the U.S. Department of the Treasury and spent months in hacked systems
The Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury, reported a major cybersecurity incident. Unknown attackers had…
Full article →
2025.02.14 — 12,000 Kerio Control firewalls remain vulnerable to RCE
Security experts report that more than 12,000 GFI Kerio Control firewall instances remain vulnerable to the critical RCE vulnerability CVE-2024-52875, which was fixed…
Full article →