Protect Your Account From the Latest YouTube Phishing Scams
A recent report from the Google Threat Intelligence Group highlights a phishing campaign targeting YouTube content creators . Hackers have successfully hijacked thousands of channels that have been sold or used for financial scams against the channel’s viewers.
While Google says it is actively fighting the threat and has repaired many of its hacked YouTube channels, the campaign highlights why cybersecurity practices are important – on YouTube and elsewhere.
How did this latest YouTube phishing scam go?
YouTube did not disclose who was behind the attack, but the report says the campaign recruited its team on a Russian-language bulletin board. While we may not know exactly who is behind this, we do know that the group used cookie stealing attacks to carry out robberies.
Unlike phishing attacks, which use fake login pages, malicious links, or other methods to pump usernames, passwords, and other personal information, cookie-theft attacks target the cookies that the browser saves upon login.
Cookie theft attacks require more effort and cost more than a common phishing scam and are only effective if the user stays logged in and does not delete their cookies before the hacker can use the login cookies on their side. However, using login session cookies completely eliminates the need for login by bypassing additional authentication requirements such as two-factor authentication (2FA) codes, security issues, or USB security keys. This makes cookie theft attacks extremely dangerous, and given the recent 2FA login requirement for all YouTube creators, cookie stealing is probably one of the only viable options left for hackers.
Like other phishing and malware attacks, successful cookie stealing requires the user to download and install malicious files or applications onto their computer. To accomplish this, the hackers used social engineering techniques to trick victims into creating fake – yet compelling – email advertising partnerships.
For example, some of the “partnerships” involved VPNs, antivirus apps, or video games that the YouTuber asked to “check”. Once the YouTuber agreed to test the product, the hackers sent malware-infected files that collect cookies to log into the user’s YouTube channel. The files have been encrypted so that they can bypass anti-virus and anti-virus applications, making it difficult to intercept files before they reach the user’s computer.
With these cookies in hand, hackers can hijack a channel without ever asking for the channel’s username or password. They will use the hijacked channels to launch financial scams against the YouTuber audience, such as fake donation campaigns, fake cryptocurrency schemes, and more. In some cases, the group sold smaller channels to other hacker groups for prices ranging from $ 3 to $ 4,000.
How can you stay safe
According to a Google report, its teams “have reduced the number of related phishing emails in Gmail by 99.6% since May 2021” and blocked 1.6 million messages, over 62,000 phishing pages and 2,400 malicious files. There have also been reports of hacker activity at the FBI.
In terms of affected channels, YouTube reports that it has successfully restored about 4,000 accounts.
This is good news for those who have been scammed, but these numbers show how widespread (and dangerous) phishing campaigns are. This is why we usually recommend enabling two-factor authentication for all of your accounts. (If you don’t have it on YouTube, now is a good time to turn it on.)
But yes, this particular phishing campaign also shows that it is possible to bypass 2FA protection – no cybersecurity feature is 100% effective. However, two-factor authentication makes it much more difficult for hackers to break into, as well as create unique passwords for each account.
Our online fraud detection guide will help you avoid common mistakes that give hackers access to your devices and data; Remember to regularly scan your computer and any files you download with reliable antivirus and antivirus applications, and enable your browser to have the highest security mode when browsing. The Google report also includes a list of domains that the hacker group has used for their attacks, which you should review and blacklist your browser or anti-malware application.
[ The Verge ]