The scammers attack content creators by sending them emails claiming that YouTube is about to change its monetization policy with embedded links to private videos.
“We’re aware that phishers have been sharing private videos to send false videos, including an AI generated video of YouTube’s CEO Neal Mohan announcing changes in monetization. YouTube and its employees will never attempt to contact you or share information through a private video. If a video is shared privately with you claiming to be from YouTube, the video is a phishing scam,” – YouTube.
According to Bleeping Computer, the irony is that the phishing emails warn victims that YouTube will never share information or contact users via private videos and prompt the recipients to report the channel sending such emails if they look suspicious.
YouTube contributors have been receiving such letters since late January; in mid-February, YouTube launched an investigation into this phishing campaign.
The description of the video linked in the phishing emails prompts the recipients to click on the link that brings the victim to studio.youtube-plus[.]com. On this page, the users are asked to log into their accounts and “confirm the updated YouTube Partner Program (YPP) terms to continue monetizing your content and accessing all features.” In reality, this sole purpose of this page is to steal credentials.
After entering their credentials on the phishing page, the victims are notified that the “channel is now pending”. The creators are recommended to “open the document in the video description for all the necessary information.”
Interestingly, the scammers are trying to create a sense of urgency by threatening victims that their accounts would be restricted for 7 days if they fail to confirm compliance with the new rules. Allegedly, the restrictions would prevent content creators from uploading new videos, editing old videos, receiving monetization, and receiving earned funds.
YouTube warns all its users against clicking on links embedded in such emails, as they likely lead to phishing sites where cybercriminals will attempt to steal their credentials or infect them with malware.
According to reports, plenty of content creators have already fallen victim to such attacks; in many cases, the malefactors use hijacked channels to broadcast live cryptocurrency scam streams.
2025.03.28 — Zero-day vulnerability in Windows results in NTLM hash leaks
Security experts reported a new zero-day vulnerability in Windows that enables remote attackers to steal NTLM credentials by tricking victims into viewing malicious files in Windows…
Full article →
2025.02.18 — Chrome Enhanced Protection mode is now powered by AI
The Enhanced Protection mode in Google Chrome has been updated. Now it uses AI to protect users from dangerous sites, downloads, and extensions in real time.…
Full article →
2025.01.28 — J-magic backdoor attacked Juniper Networks devices using 'magic packets'
A massive backdoor attack targeting Juniper routers often used as VPN gateways has been uncovered. The devices were attacked by the J-magic malware that…
Full article →
2025.01.26 — Cisco patched a critical vulnerability in Meeting Management
Cisco released updates to fix a critical (CVSS score: 9.9) vulnerability in Meeting Management. The bug enables an unprivileged remote authenticated attacker to gain administrative privileges. The vulnerability…
Full article →
2025.01.23 — Fake Telegram CAPTCHA forces users to run malicious PowerShell scripts
Hackers used the news of Ross Ulbricht pardoning to lure users to a rogue Telegram channel where they are tricked into running malicious PowerShell code. This…
Full article →
2025.02.05 — Google patches Android zero-day vulnerability exploited by hackers
Google released the February set of patches for Android. In total, they fix 48 bugs, including a kernel zero-day vulnerability actively exploited by hackers. The zero-day's…
Full article →
2025.04.25 — Asus patches vulnerability in AMI's MegaRAC enabling attackers to brick servers
Asus released patches for the CVE-2024-54085 vulnerability that allows attackers to seize and disable servers. The security hole affects the American Megatrends International (AMI) MegaRAC Baseboard Management…
Full article →
2025.02.14 — 12,000 Kerio Control firewalls remain vulnerable to RCE
Security experts report that more than 12,000 GFI Kerio Control firewall instances remain vulnerable to the critical RCE vulnerability CVE-2024-52875, which was fixed…
Full article →
2025.03.10 — Nearly a million Windows computers impacted by a malvertising campaign
According to Microsoft, nearly 1 million Windows devices fell victim to a sophisticated malvertising campaign in recent months. Cybercriminals were able to steal credentials, cryptocurrency, and sensitive…
Full article →
2025.03.16 — Researchers force DeepSeek to write malware
According to Tenable, the AI chatbot DeepSeek R1 from China can be used to write malware (e.g. keyloggers and ransomware). DeepSeek was released in January 2025 and caused a stir…
Full article →