They warn of a new phishing attack with which they steal Google accounts: what they consist of

Rosary 3 |

A group of cybercriminals carried out a Phishing campaign by creating a YouTube copythe video platform of Google. And one of the details that caught our attention are the emails sent by the hackers From address @ youtube.comwhich means that the phishing attack was carried out through an official company communication channel.

However, this does not mean that hackers have stolen an official email address to use for malicious purposes. What they’ve done is exploit the system that allows videos to be shared via email, with seriously effective results.

How was the attack carried out?

What cybercriminals did was Create YouTube channels with names similar to the official ones (YouTubeTeam, for example) and upload videos listed as private, so users can’t find the content through a search engine.

Those videos had titles like “YouTube Rules & Policies Changes | Check Description”to divert users to the place where the phishing finally occurred.

Using a Google Drive link, victims entered a window asking for their account details with a warning that if they did not provide them, they would lose access to them.

Once the access credentials were obtained, the hackers were able to take control of the victim’s YouTube channel and their Google account.

This campaign was carried out by The address is [email protected]that is, an official email from YouTube.

When you share a private video via email, a message is generated that includes the title of the video in the email subject. Thus, the victims received a message indicating, for example: “The YouTube team sent you a video: changes to YouTube rules and policies | Check description”.

See also  Return to Monkey Island's graphic style divides fans, and its author responds aggressively

The message was designed to look like an official communication from the platform, and since it was an email from an official YouTube sender, many users likely fell in love with it.

This type of concrete technique in phishing scams assumes a A big change from previous strategiesgiven that one of the main recommendations to avoid becoming a victim is to always check the address the email is coming from, which was not effective in this case.

Lovell Loxley

"Alcohol buff. Troublemaker. Introvert. Student. Social media lover. Web ninja. Bacon fan. Reader."

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top