
The scammers attack content creators by sending them emails claiming that YouTube is about to change its monetization policy with embedded links to private videos.
“We’re aware that phishers have been sharing private videos to send false videos, including an AI generated video of YouTube’s CEO Neal Mohan announcing changes in monetization. YouTube and its employees will never attempt to contact you or share information through a private video. If a video is shared privately with you claiming to be from YouTube, the video is a phishing scam,” – YouTube.
According to Bleeping Computer, the irony is that the phishing emails warn victims that YouTube will never share information or contact users via private videos and prompt the recipients to report the channel sending such emails if they look suspicious.
YouTube contributors have been receiving such letters since late January; in mid-February, YouTube launched an investigation into this phishing campaign.
The description of the video linked in the phishing emails prompts the recipients to click on the link that brings the victim to studio.youtube-plus[.]com. On this page, the users are asked to log into their accounts and “confirm the updated YouTube Partner Program (YPP) terms to continue monetizing your content and accessing all features.” In reality, this sole purpose of this page is to steal credentials.

After entering their credentials on the phishing page, the victims are notified that the “channel is now pending”. The creators are recommended to “open the document in the video description for all the necessary information.”
Interestingly, the scammers are trying to create a sense of urgency by threatening victims that their accounts would be restricted for 7 days if they fail to confirm compliance with the new rules. Allegedly, the restrictions would prevent content creators from uploading new videos, editing old videos, receiving monetization, and receiving earned funds.
YouTube warns all its users against clicking on links embedded in such emails, as they likely lead to phishing sites where cybercriminals will attempt to steal their credentials or infect them with malware.
According to reports, plenty of content creators have already fallen victim to such attacks; in many cases, the malefactors use hijacked channels to broadcast live cryptocurrency scam streams.

2025.03.07 — YouTube warns of scam video featuring its CEO
According to YouTube, scammers use an AI-generated video of the company's CEO in phishing attacks to steal user credentials. The scammers attack content creators by sending them…
Full article →
2025.02.18 — Chrome Enhanced Protection mode is now powered by AI
The Enhanced Protection mode in Google Chrome has been updated. Now it uses AI to protect users from dangerous sites, downloads, and extensions in real time.…
Full article →
2025.02.05 — Google patches Android zero-day vulnerability exploited by hackers
Google released the February set of patches for Android. In total, they fix 48 bugs, including a kernel zero-day vulnerability actively exploited by hackers. The zero-day's…
Full article →
2025.04.22 — Scammers pose as FBI IC3 specialists, offer 'assistance' to fraud victims
According to the FBI, scammers impersonating employees of the FBI Internet Fraud Complaint Center (IC3) contact fraud victims offering them 'assistance' in getting their money…
Full article →
2025.01.28 — J-magic backdoor attacked Juniper Networks devices using 'magic packets'
A massive backdoor attack targeting Juniper routers often used as VPN gateways has been uncovered. The devices were attacked by the J-magic malware that…
Full article →
2025.02.08 — Hackers exploit RCE vulnerability in Microsoft Outlook
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Federal Civilian Executive Branch (FCEB) Agencies that they have to secure their systems from ongoing…
Full article →
2025.04.08 — Website of Everest ransomware group hacked and defaced
Last weekend, the darknet website of the Everest ransomware group was hacked and went offline. The attackers replaced its content with a sarcastic message: "Don't do crime…
Full article →
2025.04.30 — Coinbase fixes 2FA bug that made customers panic
Cryptocurrency exchange Coinbase has fixed a bug in its Account Activity logs that caused customers to think their credentials were compromised. Earlier this month, BleepingComputer…
Full article →
2025.03.28 — Zero-day vulnerability in Windows results in NTLM hash leaks
Security experts reported a new zero-day vulnerability in Windows that enables remote attackers to steal NTLM credentials by tricking victims into viewing malicious files in Windows…
Full article →
2025.01.30 — Hackers use vulnerabilities in SimpleHelp RMM to attack corporate networks
Experts believe that recently patched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) were used by attackers to gain initial access to corporate networks. A number…
Full article →