The scammers attack content creators by sending them emails claiming that YouTube is about to change its monetization policy with embedded links to private videos.
“We’re aware that phishers have been sharing private videos to send false videos, including an AI generated video of YouTube’s CEO Neal Mohan announcing changes in monetization. YouTube and its employees will never attempt to contact you or share information through a private video. If a video is shared privately with you claiming to be from YouTube, the video is a phishing scam,” – YouTube.
According to Bleeping Computer, the irony is that the phishing emails warn victims that YouTube will never share information or contact users via private videos and prompt the recipients to report the channel sending such emails if they look suspicious.
YouTube contributors have been receiving such letters since late January; in mid-February, YouTube launched an investigation into this phishing campaign.
The description of the video linked in the phishing emails prompts the recipients to click on the link that brings the victim to studio.youtube-plus[.]com. On this page, the users are asked to log into their accounts and “confirm the updated YouTube Partner Program (YPP) terms to continue monetizing your content and accessing all features.” In reality, this sole purpose of this page is to steal credentials.
After entering their credentials on the phishing page, the victims are notified that the “channel is now pending”. The creators are recommended to “open the document in the video description for all the necessary information.”
Interestingly, the scammers are trying to create a sense of urgency by threatening victims that their accounts would be restricted for 7 days if they fail to confirm compliance with the new rules. Allegedly, the restrictions would prevent content creators from uploading new videos, editing old videos, receiving monetization, and receiving earned funds.
YouTube warns all its users against clicking on links embedded in such emails, as they likely lead to phishing sites where cybercriminals will attempt to steal their credentials or infect them with malware.
According to reports, plenty of content creators have already fallen victim to such attacks; in many cases, the malefactors use hijacked channels to broadcast live cryptocurrency scam streams.