Website security audit specialists reported the presence of a new fraudulent campaign directed against emergent YouTube content creators. According to reports, some YouTubers are receiving a supposed message from the video platform about a request for monetizing the content of the channel.
“We have evaluated your channel and have detected some anomalies in your account reviewing process”, mentions the text, backed by the alleged official YouTube logo. The message concludes by asking the user to re-enter their data and answer the email to complete the account reviewing process.
Through Twitter, the user @TeslaJoy, which has a YouTube channel with over 3k subscribers, alerted other content creators: “I received a phishing email from the following address: email@example.com; Please do not respond and report it to Google”.
According to website security audit experts, among the data that the campaign operators are asking the content creators are:
- YouTube Channel URL
- Email address linked to the channel
- Channel access password
Affected users claim that these fake notifications arrive via email, regardless of whether the email address linked to the YouTube channel is different from the personal account of the affected user.
As soon as this information is under control of the threat actors, it will be used to try to take over the YouTube channel and other victim-owned online platform accounts. The attackers could use these compromised platforms to promote fake giveaways, demand money in exchange for services that will not be provided, among many other malicious activities, mention the website security audit specialists.
Experts from the International Institute of Cyber Security (IICS) highlight that YouTube does not request email passwords to channel owners. As a security measure, specialists always recommend to review in detail any suspicious-looking messages or where confidential data are requested. Enabling multifactor authentication for Google accounts is also a good option to protect your YouTube channel and email account.