Did you receive an email from YouTube informing you of the update of its terms of use? Do not click on the link: it is a phishing attempt, even if the message is indeed sent by the official address of the platform!
Cybercriminals often attempt to impersonate major Internet platforms, particularly through phishing campaigns – which consist of sending false messages to recover banking or personal data. And their methods are sometimes very inventive! Netflix subscribers recently paid the price with emails and text messages that seemed to come from the streaming service, inviting them to give their opinion on the films and series in the catalog. But other scammers have found even better! Indeed, hackers have developed a particularly ingenious scam by impersonating YouTube. In recent days, many people have received a message sent by the platform’s real email address – namely [email protected] – telling them of a change in its rules and policies. The phishing attempt – because it is one – is therefore much more difficult to detect and this well-crafted campaign could manage to deceive many users…
YouTube phishing: a hard-to-detect identity theft
AT first sight, it is an e-mail all that is more normal warning of a “change in YouTube rules and policy”. It encourages victims to click on a link to view and download the official document. Of course, this is only accessible if users enter their password. In order to put pressure on them and prevent them from thinking too much or postponing the manipulation – and thus forgetting about it –, the scammers are careful to add that “you have seven days to read them and send us a return letter, otherwise you will be prevented from accessing our service”. Once the identifiers have been entered, they have plenty of time to recover personal data and/or infect devices…
heads up: were seeing reports of a phishing attempt showing [email protected] as the sender
be cautious & dont download/access any file if you get this email (see below)
while our teams investigate, try these tips to stay safe from phishing: https://t.co/x9Ysnm9SSm https://t.co/MNQtrB7zbx
—TeamYouTube (@TeamYouTube) April 4, 2023
The subtlety of this scam is that the message is sent by the real YouTube email address. However, it begins with “The YouTube team sent you a video”, which is surprising given its content. In fact, the hackers did not create a fake address similar to that of the platform – a very common technique in phishing campaigns: IThey simply used an option to share a video by email by adding a corrupted link. Smart! YouTube therefore asks its users to be particularly careful not to download files or click on links if they receive such a message.
Remember that almost no site asks to provide personal information and enter its identifiers via email or SMS. All the more reason to read the terms of use, which are normally freely available! As always in the event of a phishing attempt, if you receive a message of this type, do not hesitate to report it on the platform. Internet-Reporting of the Ministry of the Interior.