Your YouTube Channel Could Get Hijacked By Scammers, Here's How To Get It Back

hero google youtube account hijack recovery how to
Scammers and fraudsters have been targeting YouTube creators with sophisticated email campaigns. The emails pose as legitimate notices from Google which claim to be a copyright report and possible strike against the channel. These include a Google Drive link to the purported report, which actually contains a malware payload designed to hijack the user's Google account.

One of these phishing attempts was sent to HotHardware today, which was thankfully recognized for what it was before getting too far. Unfortunately, a friend of our site, Aaron Leong, was not so lucky a few weeks ago. Aaron runs a tech review channel called GearUP with Aaron with over 16,000 subscribers. After following the deceptive email, his entire channel and Google Account were hijacked.

After his experience regaining access, Aaron decided to share what he learned to hopefully help others not fall victim—but if you do, he has also kindly detailed all the steps he took with Google Support to reclaim ownership. While this situation is about bad actors targeting YouTubers, the recovery steps also should work for anyone with a hijacked Google Account whether they use YouTube or not.

The following is Aaron's account of what occurred.

YouTube Copyright Strike Spoof - How It All Began

It started with an email on August 23 that looked legit, seemingly sent from YouTube. The email looked exactly like other YouTube emails with the proper sender email address, template, header, and graphics. The title of the email was “YouTube Copyright Infringement Report 2022.” At the bottom, it had an attachment—a really large XML file, about 500 megabytes. Usually, I have a good feel for these kinds of things, and this is where I should have listened to my Spidey-senses. Of course, this time, I didn’t. So, I opened the file in Google Drive, or tried to anyway, because Drive pulled up a “File too large to open” message.

google account phishing email
Phishing email sent to HotHardware

I left it as that, but little did I know, this attachment was already working in the background. The first sign that something was wrong was when I received an email notification that my Google Account password had been updated. Then, another said that my authentication code was changed. Then, another notified me that I had changed my account email address. Actually, no, I didn’t.

Immediately, I decided to see if I could change everything back in Google settings. I immediately spotted a strange email address in place of my usual one. This new email was the sign that things were serious here. Once your account email is changed, it basically means you can’t get into it to do squat. In my case, I couldn’t convince Google that there was an imposter—likely a bot—holding my account hostage and that I was the original account owner. I tried creating a new password, verifying my cell number, etc., but again, what tied these all together was my original email address, and now—it was gone.

Dread started to sink in. I launched Gmail but was booted out for safety reasons. I tried Google Photos—obviously didn’t work. Calendar was still cached. And for me, as a content creator, YouTube is my bread-and-butter, and guess what—my entire channel was gone. It was taken over by something called ARK Invest: Elon Musk, which had one single uploaded video.

google youtube account takeover
The Gear Up with Aaron channel after account hijack

Now, to have that all gone, all the work that I put into building this channel with hundreds of videos, felt like a punch in the gut. It seemed like I was just fired from my job, told to pack my stuff, and never come back. I felt hopeless for the first few hours. I really thought it was over, partly because, I knew that Google doesn’t have any live customer support service on their website. So, reporting this would be nigh impossible, let alone recovering my account.

Searching For A Solution

Then, I remembered from somewhere that if you need to reach a live person to recover your YouTube channel or in essence, your Google account, Google has an active presence on Twitter. So, I tweeted a post on the afternoon of August 23rd describing briefly what had happened and that I needed help ASAP! I tagged @TeamYoutube and @MadeByGoogle. Within 45 minutes I got a response from Team YouTube and Google itself—and these were not auto replies—these were from real people.

google account support tweet request

Team YouTube sent me the first DM at 4pm asking for my channel URL. I shared that and told them about the new Elon Musk channel. Eight minutes later, they asked me for an alternative email to have their specialist team contact me at. They also sent me this support form to complete.

google support conversation
Aaron's conversation with @TeamYoutube on Twitter

By the way—and this goes without saying—during this entire process, I kept my words and communication as respectful and detailed as possible. It’s a stressful time but having a level head really helps if you want to receive the best support.

Some Advice About Google's Support Form

The form Google sent me required a lot of information about my account and channel--like when it was created, what was the last video you uploaded, the channel ID, and AdSense ID number. So, pro-tip—it is helpful to save this info somewhere safe, right now. Since I didn’t do any of that, Google was kind enough to help me obtain some of that information. I think this support form was to basically verify if you’re really the person you say you are.

I completed the form, and I thought it was going to take at least a week before I would see any progression for this case number. I was very surprised that while I was sleeping, YouTube’s Partner Support emailed me at 3:54 a.m. to confirm that my account and channel was indeed hijacked. They disabled the hacker’s access to my Google account by freezing it, but in order for me to have full control again, I had to access the standard account recovery page. That didn’t work for me, so I used their alternative special account recovery page and that worked like a charm.

You have no idea how much weight was taken off my shoulders when I finally had access to my email, my photos, and my Drive. It also revealed how reliant I’ve become of the Google ecosystem, given how intertwined they all are.

Now, the big part was my YouTube channel. I checked it and it showed it was blocked for violating usage terms—hmm, I wonder why? So, the battle was not completely over yet. I emailed the support team again and waited. Once more, their speedy response surprised me. 24 hours later, the channel was back up. The only house-cleaning items to do was to reupload the channel branding elements because those were all gone, and also set videos from Private to Public access again. Thank goodness for the “Select All” function!

A Few Things I Learned During This Ordeal

First, breathe. Take a deep breath and take it one step at a time and don’t rush it.

Second, be kind and respectful. You have every right to freak out and vent, but as far I know, it was mostly real humans that helped me out. So, treat them nice and they’ll treat you likewise.

Third, I think it’s pretty much a guarantee that your account can be salvaged once you receive the acknowledgement email from the support team. When they’ve verified the compromised account, you can pretty much leave it up to them to work their magic.

Fourth, don’t open suspicious attachments. I consider myself very vigilant. I’ve never had any issues with digital break-ins, but even vigilance can have a day off, so try to be safe.

Finally, I thought getting help would take forever, but from start to finish, regaining access took just a little over one and a half days—that’s it! My channel took a little over a day on top of that, which means in all, Google had me back on my feet in three days.

Top Image Credit: Szabó Viktor on Pexels