
The scammers target content creators with emails claiming that YouTube is about to change its monetization policy; the emails contain embedded links to private videos.
“We’re aware that phishers have been sharing private videos to send false videos, including an AI generated video of YouTube’s CEO Neal Mohan announcing changes in monetization. YouTube and its employees will never attempt to contact you or share information through a private video. If a video is shared privately with you claiming to be from YouTube, the video is a phishing scam,” – YouTube.
According to Bleeping Computer, the irony is that the phishing emails warn victims that YouTube will never share information or contact users via private videos and prompt the recipients to report the channel sending such emails if they look suspicious.
YouTube creators have been receiving such emails since late January; in mid-February, YouTube launched an investigation into this phishing campaign.
The description of the video linked in the phishing emails prompts the recipients to click on a link that takes the victim to studio.youtube-plus[.]com. On this page, the users are asked to log into their accounts and “confirm the updated YouTube Partner Program (YPP) terms to continue monetizing your content and accessing all features.” In reality, the sole purpose of this page is to steal credentials.
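The lookalike host above can be caught by comparing the parsed hostname against the domains a sign-in link is expected to use, rather than by searching the URL for the brand name. The following is an added example, not code from the article or from YouTube; the trusted-domain list, the brand tokens and all sample URLs except studio.youtube-plus[.]com are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: domains this check treats as genuine YouTube/Google hosts.
TRUSTED_DOMAINS = ("youtube.com", "youtu.be", "google.com")
# Assumption: brand strings whose presence outside a trusted domain is suspicious.
BRAND_TOKENS = ("youtube", "google")


def refang(indicator: str) -> str:
    """Undo common defanging ([.] and hxxp) so the indicator can be parsed."""
    s = indicator.strip().replace("[.]", ".").replace("(.)", ".")
    if s.lower().startswith("hxxp"):
        s = "http" + s[4:]
    return s


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike', 'unrelated' or 'unparseable'."""
    url = refang(url)
    if "://" not in url:
        url = "https://" + url
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "unparseable"
    if not host:
        return "unparseable"
    # Trusted only if the host IS the domain or a true subdomain of it.
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # Brand name anywhere in the authority (host or userinfo) of an
    # untrusted host: hyphenated lookalikes, brand-as-subdomain, user@host.
    if any(t in parts.netloc.lower() for t in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"


# Constructed sample links, as they might appear in a mail body.
SAMPLES = [
    "studio.youtube-plus[.]com/login",         # host named in the article
    "https://studio.youtube.com/channel/abc",  # genuine Studio host
    "https://youtube.com.example.org/verify",  # brand used as a subdomain
    "https://studio.youtube.com@example.net/", # brand hidden in userinfo
    "https://example.org/watch",               # no brand reference at all
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):10} {link}")
```
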

After entering their credentials on the phishing page, the victims are notified that the “channel is now pending”. The creators are advised to “open the document in the video description for all the necessary information.”
The scammers try to create a sense of urgency by warning victims that their accounts will be restricted for 7 days if they fail to confirm compliance with the new rules. Allegedly, the restrictions would prevent content creators from uploading new videos, editing old videos, receiving monetization, and receiving earned funds.
YouTube warns all its users against clicking on links embedded in such emails, as they likely lead to phishing sites where cybercriminals will attempt to steal their credentials or infect them with malware.
According to reports, plenty of content creators have already fallen victim to such attacks; in many cases, the malefactors use hijacked channels to broadcast live cryptocurrency scam streams.
