YouTube, the world’s top provider of streaming multimedia content, keeps reaching new heights in terms of its popularity. Nearly two billion monthly users and five billion videos watched every single day – these impressive statistics speak for themselves, and the numbers are steadily growing year over year. Everybody loves YouTube and so do cybercriminals, only in their very own nefarious way.

Malicious actors are lured by the soaring audiences of this service, hence the potentially huge attack surface and a goldmine of opportunities.

However, compromising the IT architecture of such an advanced technology giant is a hardly feasible objective, even for high-profile crooks with tons of offensive resources at their disposal. The exploitation vectors, therefore, mostly boil down to social engineering scams, but the tactics are more sophisticated than posting fraudulent hyperlinks in comments under viral videos.

The two most common types of attacks include hoaxes targeting YouTube channel owners and ones that zero in on ordinary visitors who routinely visit the service to watch videos of interest.

Let’s see what scams are currently dominating this particular cybercrime ecosystem.

Malefactors wheedling out YouTubers’ passwords

Fraudsters may impersonate YouTube support to dupe active users into disclosing their credentials.

One of the latest attempts that gained a great deal of publicity was reported in early May 2019. The owner of a fairly popular YouTube channel called TeslaJoy received a phishing email from a sender claiming to be the “YouTube Team.” This message was camouflaged as an alert regarding multiple violations allegedly detected during the site’s account review process.

The con artist further emphasized that they needed a more in-depth analysis to sort out the issue. In order to expedite the process, the targeted YouTuber was instructed to provide additional details, including the channel password. Obviously, a genuine support team would (Read more...)