Cybercriminals spreading malware with fake YouTube emails
Don’t follow any links in emails claiming to be from YouTube.
A wave of phishing attacks targeting YouTube users has been reported to be under way. Its distinctive feature is the legitimate YouTube email address from which the malicious messages are sent.
The phishing email pretends to notify the user about changes in the YouTube monetization policy (although there might be other, similar emails that haven’t been reported yet) and includes a link to a video, which was allegedly shared with the user on YouTube by the YouTube team, and a textbox. The latter contains a link to a malicious file stored on Google Drive.
This phishing attack utilizes a YouTube feature that allows users to share videos via email. This way, the message comes from an @youtube.com address, likely bypasses spam filters, and looks legitimate – even though the attached message may contain malicious links.
If you receive a suspicious email claiming to be from YouTube, don’t click any links it urges you to. For information on how to keep your YouTube account secure, check TeamYouTube’s post. For tips on how to protect yourself from phishing, read our blogpost.