YouTube has issued a warning to its users about a new phishing attack that is currently targeting the platform. In a Tuesday announcement on its community site, YouTube alerted users about the scam, which deceitfully claims to be from YouTube itself, sharing a private video with unsuspecting users. This elaborate scheme attempts to exploit the YouTube system’s feature that allows private video sharing via email, redirecting users to a fraudulent “YouTube Creators” page hosted on YouTube.
The phishing attack is cleverly disguised. Upon viewing the shared private video, users are forwarded to a fake “YouTube Creators” page, where they are urged to enter their login credentials. This page is, in fact, a phishing site designed to harvest personal information. Alarmingly, the scam uses an AI-generated video of YouTube CEO Neal Mohan to further deceive users into believing its authenticity and to lure them into downloading malware.
“YouTube and its employees will never attempt to contact you or share information through a private video. If a video is shared privately with you claiming to be from YouTube, the video is a phishing scam… Please always be aware and make sure not to open untrusted links or files!” – YouTube
Other Phishing Pages in Operation
This scam not only operates through the fake “YouTube Creators” page but also directs victims to another phishing page, “studio.youtube-plus[.]com”, which remains active. The fraudulent site tries to trick individuals into providing their login credentials, threatening users with messages about impending changes in YouTube’s monetization policy.
Victims of the attack have reported severe consequences. One user shared their ordeal on Reddit, recounting how they fell for a similar scam that claimed their account required verification.
“It looked real, even featuring an AI-generated Neal Mohan. I clicked the link, lost access to my YouTube, email, and website. Customers were misled, and it took weeks to recover,” – a Reddit user
YouTube has emphasized that neither the company nor its employees will ever contact users or share information through private videos. Users are advised to exercise caution and refrain from clicking suspicious links or downloading untrusted files.
“Do not click these links as the videos will likely lead to phishing sites that can install malware or steal your credentials,” – YouTube
The platform also revealed that variations of this phishing attack have been circulating since at least January, indicating that this is an ongoing threat that requires vigilance.
Author’s Opinion
YouTube’s warning is a necessary call for vigilance. As AI and phishing scams become more sophisticated, the platform’s response highlights the ongoing struggle to protect users’ data and accounts from increasingly clever tactics. This ongoing threat underscores the need for users to be constantly aware of scams, no matter how convincing they may seem.
Featured image credit: Szabó Viktor via Pexels
Follow us for more breaking news on DMR