For tech-savvy users (and everyone, really), it goes without saying that you should never click on links in emails willy-nilly. In light of a recent account hijacking campaign, however, YouTube has taken to X/Twitter with a warning to "be cautious" of phishing tomfoolery as it investigates bogus emails making the rounds that appear to come from YouTube.
The warning came in response to @vidIQ's posting of a "dangerous YouTube scam" that allegedly almost saw a creator lose control of a channel with some 500,000 subscribers. According to the post, here's how the scam works...
- You get email from "no-reply@youtube"
- Links to private video from "YouTube Creators"
- Video tells you to check description
- Description has "policy link" + special code
- Takes you to fake DocuSign page
- Page is blurry, asks for code input
- Tries to download malicious .exe file
One obvious red flag in this instance is the misspelling of "Crearors" in the email. Typos are somewhat common in phishing emails, though that's not always the case.
A typo can also be easy to overlook if the sender appears to be legit. Additionally, YouTube (through its TeamYouTube account on X/Twitter) warns that it's seeing reports (plural) of phishing attempts like this one, with no-reply@youtube.com ostensibly appearing as the sender.
"Be cautious & don't download/access any file you get this email," YouTube warns, in reference to the email posted by @vidIQ. It also points users to a couple of support articles as "our teams investigate" the account hijacking campaign.
One of the support articles highlights three golden rules, starting with "Slow it down." As YouTube rightfully points out, scammers often attempt to create a sense of urgency—it's easier to trip someone up this way.
The second golden rule is to "spot check," meaning you should always double-check the details of the supposed alert and see if the messaging makes sense. And finally, "Stop! Don't send," with regard to providing payment or personal information.
"Many phishers actively target YouTube creators by impersonating YouTube or exploiting in-platform features to link to malicious content. Phishers have been exploiting the private video sharing feature to send false videos, such as about changes in monetization. The channel sending the video may have generated a name that appears official, but the originating hyperlinked channel would not be an official one," YouTube states.
That's where creators can get into trouble. Linked videos often contain phishing links in the description, under the guise of accessing a document with more information. These links are malicious. Furthermore, YouTube reminds creators that it will "never communicate with creators in such way."