YouTube phishing scam warning. Google warns of massive phishing campaign targeting YouTube content creators. A recent report from Google’s Threat Analysis Group reveals that hackers have successfully hijacked thousands of such channels, selling them or committing financial fraud against the channel’s viewers. Google says it is actively working against such threats and has restored a number of troubled YouTube channels. However, it warns that many YouTube accounts are affected by this scam, which can be deleted at any time.
New YouTube phishing scam
YouTube has not revealed who was behind the scam. However, the report states that the campaign is being carried out on a Russian-language message board and that cookies are being stolen for this purpose. Unlike phishing scams that use fake login pages, malware links or usernames and passwords, YouTube reveals that account hacking is done with a little more personal data and browser-protected cookies when logging in. YouTube phishing scam.
Cookie-stealing attacks are more costly and expensive than the average phishing scam, and are only effective if the user has not logged in and deleted their cookies before using the login cookies. However, cookie theft is one of the few practical options left for hackers.
Like other phishing and malware attacks, successful cookie theft requires the user to download and install malware files or apps on their computer. To reverse this, hackers tried to deceive their victims using social engineering techniques. YouTuber was asked to ‘review’ VPNs, antivirus apps or video games. Once YouTube agrees to test the product, hackers send malware-infected files that collect the user’s YouTube channel login cookies. Files are encrypted so that they can bypass anti-malware and antivirus apps, making it difficult to intercept files before they reach the user’s computer. YouTube phishing scam.
Because those cookies are at hand, hackers can take over the channel without the need for the channel’s username or password. They will use hijacked channels to carry out financial frauds such as fake donation campaigns, fake cryptocurrency schemes and more against YouTube’s audience. In some cases, the group sold small channels to other hacking groups for $3 to $4,000.
How can you stay safe
As for the affected channels, YouTube says it has successfully restored about 4,000 accounts. This is good news for victims of fraud, but these figures show just how big and dangerous fishing campaigns can be. That’s why Google recommends two-factor authentication for all accounts. If it’s not enabled on YouTube, Google says now’s a good time to turn it on. Here, none of the cybersecurity features are 100 percent effective. However, as each account generates unique passwords, 2-factor authentication makes it very difficult for hackers to break-in in the first place. Don’t forget to scan the downloaded files regularly and turn on the browser’s highest browsing security mode.
YouTube phishing scam warning, keep safe your account.
Thanks for reading.
Lifestyle Related Blog Post:-
TravelTips Related Blog Post:-