A few days ago, we told you about the development of a YouTube scam that had everything: cryptocurrency fraud, the use of deepfakes (in this instance, using an image of Elon Musk), and the hacking of users’ real channels, who then watched helplessly as their channels were exploited to spread completely unrelated information.
In point of fact, the earliest reported incidents of this kind date back to the year 2020, and YouTube has been under fire in recent years for allegedly ignoring the issue. Now there is a new effort at fraud that is directly attacking YouTube by pretending to be the site itself.
YouTube has informed its viewers of the scam via its Twitter account after youtuber Kevin Breeze revealed on networks how he got a warning through email of a video with the title “Changes in YouTube rules and policies | Check the description” (‘Changes in the rules and policies of YouTube | Check the description’).
The description of the aforementioned fake video instructs users to click on a link hosted on Google Drive in order to download a password-protected document that is purportedly malicious, but is already inaccessible… Of course, the impersonation of YouTube by cybercriminals is not done solely for the purpose of causing confusion.
…Threatening that the YouTube creators’ access to the site would be limited if they do not provide a response within a week, which will prohibit them from posting new videos, altering existing ones, or making money from their content. But don’t worry; clearly, this is not how YouTube works (this is more similar to emails that were sent “centuries” ago with subject lines such as “If you don’t send this email, your Hotmail account will be canceled”).
As Breeze emphasized later, rather than a case of impersonation, we are dealing with a malicious exploitation of a service offered by YouTube, namely the capability of sending files over e-mail. According to his point of view, there is “an simple method to eliminate this sort of impersonation,” and that approach is to fully remove such feature. “I really doubt that it’s overused at this point, but maintaining it certainly has more ‘cons’ than ‘pros.’”
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.