Google warns about extensive Phishing Campaign targeting YouTubers

Google released a report specifying the details about an ongoing phishing campaign specifically directed at Youtubers. The company has blocked around 1.6 million phishing emails since May 2021 that were part of this scamming campaign.

Multiple hackers were said to be involved, who were not only trying to trick users into divulging their credentials but also infecting their devices with malware designed to steal their login cookies – a much more severe attack than sending just a link and waiting for someone to hand in their credentials.

YouTube didn’t reveal the culprit behind these attacks, only that these hackers were using Russian-medium forums to promote and distribute. Interestingly, the campaign specifically targets YouTube accounts rather than conventional government-owned systems or banks, implying how valuable influencers’ accounts have become in today’s age.

Phishing attacks on YouTubers

These scams are usually carried out like this: Hackers send emails to the YouTubers, offering them revenue opportunities to promote VPN, antivirus, or other security software on their platform. Upon agreement, the target receives a link that would infect their computer with multiple malware designed to fetch credentials and cookies.

Since many of us are now using two-factor authentication, these cookies have now become a sitting duck for hackers to steal and exploit (especially the ones that websites use to store a user’s log-in credentials). These are the same cookies responsible for storing your credentials, so you don’t have to re-enter them whenever you visit these sites.

If the hackers get their hands on these cookies, they will be able to take over your account and change your password to lock you out entirely. And since YouTube accounts are also linked with other Google accounts, hackers can also gain access to Gmail, Google Drive, Photos, and other Google services.

According to search engine giant, hackers could even sell these compromised accounts for roughly $3K to $4,000 on the dark web.

Now this explains why Google emphasized YouTubers earlier this year to enable two-factor verification (a security feature requires both credentials and a unique security key to access accounts) and why the company has been providing security keys to “high-risk” users every year. Although it may be ineffective against hackers who have already taken the reins over your account, it can make these attacks tough and more expensive, which might help slow them down.

The company has taken several measures against hackers, blocking their files and emails and sending security alerts to users when accessing a malicious website in the Chrome browser. However, considering how valuable an influencer’s account could be, it takes more than just blocking to stop attackers from hacking them. Therefore, it is essential to take preventive measures to protect yourself against any such phishing attacks.