Helga Labus
Helga Labus, Managing Editor, Help Net Security

Phishing emails from legit YouTube address hitting inboxes

Phishers are targeting YouTube content creators by leveraging the service’s Share Video by Email feature, which delivers the phishing email from an official YouTube email address (no-reply@youtube.com).

How the YouTube phishing email scam works?

The email informs the targets of a new monetization policy, new rules, and prompts them to view a video. The email also contains and points to a document hosted on Google Drive and provides the password for opening it. Finally, the recipients are informed that they have a 7-day deadline to respond, or else they won’t be able to access their accounts.

Social media content creator Kevin Breeze has warned YouTube about this particular scam and noted that this is not a simple case of spoofed email, but rather a more sophisticated attack where scammers are taking advantage of the platform’s sharing system.

How to stay safe?

YouTube is investigating the matter, but in the meantime, it’s warning users to be vigilant.

Cybercriminals often try to instill a sense of urgency, to make it more likely for users to let their guard down and act impulsively.

Users should know that YouTube will never ask for their login credentials via email, and they should always be wary of responding to unsolicited emails from unknown senders, even if they appear to be coming from a company’s official email.

It’s also important to double-check the URL before clicking on email links to ensure it’s correct and contains the HTTPS designation for added security.

Finally, enabling two-factor authentication (2FA) can provide an extra layer of protection to help safeguard accounts against unauthorized access.

Breeze proposed that YouTube remove the Share Video by Email feature completely. “I doubt this feature is used much anymore. There’s more downsides than upsides to keeping it,” he opined.

More about

Featured news

Sponsored

Don't miss