YouTube hijacked by hackers to send out phishing emails — don’t fall for this scam


Hackers are always coming up with clever new ways to ensure their phishing emails reach your inbox, and now YouTube is warning users that their accounts could be at risk.

In a post on Twitter, the Google-owned company explained that it is aware of recent reports regarding phishing attempts impersonating its brand. YouTube also warned users not to “download/access any file if you get this email”.

These phishing emails appear to come directly from YouTube and are sent from a “no-reply@youtube.com” email address. Unlike spoofed emails, the sender address here is genuine: the messages have been sent out to unsuspecting users by abusing the platform’s own sharing system.

Content creator Kevin Breeze provided more details on this new phishing scam in a Twitter thread in which he explained that the hackers behind this campaign are leveraging YouTube’s Share Video by Email feature.

Hallmarks of a classic phishing email


Even though the distribution method is a bit different this time around, the contents of the phishing emails sent out to YouTube users are just like those seen in other phishing campaigns.

Alongside a YouTube video, these phishing emails contain a message to the platform’s users explaining that the email itself was sent to notify them of a “new monetization policy and the new rules.” They also contain a Google Drive link “intended for private access only” along with a password to open it.

However, it wouldn’t be a good phishing email without instilling a sense of urgency, which is why, beneath the link, the hackers responsible have stated that users have seven days to review and send a reply or else their YouTube access will be restricted.

Opening the document and filling it out could put you at risk of actually losing access to your YouTube account since it likely asks for your username and password. Since many people also use their Google account to sign into YouTube, their Gmail messages and other sensitive data could be stolen by these hackers too.
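
The hallmarks described above can be checked mechanically when triaging reported mail. The following is an added example, not part of the original article: the rule names, the three-hit threshold and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Hallmarks from the article, expressed as text heuristics (assumed patterns).
HALLMARKS = {
    "policy_lure": re.compile(r"new monetization policy|new rules", re.I),
    "drive_link": re.compile(r"https?://(?:drive|docs)\.google\.com/\S+", re.I),
    "shared_password": re.compile(r"\bpassword\b", re.I),
    "deadline": re.compile(r"\b(?:\d+|one|two|three|five|seven|ten)\s+days?\b", re.I),
    "access_threat": re.compile(
        r"access\b.{0,40}\b(?:restricted|suspended|limited)", re.I | re.S),
}

# Constructed sample: a share notification carrying the lure text.
SAMPLE_LURE = """From: YouTube <no-reply@youtube.com>
Subject: Constructed sample subject

A video was shared with you.
This email was sent to notify you of a new monetization policy and the new rules.
The document is intended for private access only:
https://drive.google.com/file/d/EXAMPLE-PLACEHOLDER/view
Password: example-only
You have seven days to review and send a reply or your YouTube access will be restricted.
"""

# Constructed sample: an ordinary share notification with no lure text.
SAMPLE_BENIGN = """From: YouTube <no-reply@youtube.com>
Subject: Constructed sample subject

A friend thought you would like this video.
https://www.youtube.com/watch?v=EXAMPLE
"""

def triage(raw_message: str) -> dict:
    """Score a plain-text message against the hallmarks listed above."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    sender = (msg.get("From") or "").lower()
    hits = sorted(name for name, rx in HALLMARKS.items() if rx.search(body))
    # A genuine sender address does not clear the message: in this campaign
    # the mail really is sent by the platform's share-by-email feature.
    return {
        "genuine_sender": "no-reply@youtube.com" in sender,
        "hits": hits,
        "suspicious": len(hits) >= 3,  # assumed threshold
    }

if __name__ == "__main__":
    for name, sample in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, triage(sample))
```

Both samples carry the same genuine sender address, so the verdict rests entirely on the message content.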

How to protect your YouTube account from hackers

When it comes to keeping your YouTube account safe from hackers, just like with other online services, you need to remain vigilant. Don’t respond to messages from unknown senders and always carefully review any emails that claim to be from the company itself.

As phishing attacks can often lead to a malware infection, it’s also a good idea to use one of the best antivirus software solutions on your PC, the best Mac antivirus software on your Mac and the best Android antivirus apps on your Android smartphone.

The main thing you can do, though, is to educate yourself about phishing scams so that you’ll be able to spot the signs before you click on a malicious link or accidentally send your sensitive personal information to hackers. Misspelled words and poor grammar are a major red flag, but you should also look out for hackers impersonating popular brands, like YouTube in this case.

Google and YouTube could also temporarily disable the Share Video by Email feature to prevent hackers from abusing it in their phishing attacks.


Anthony Spadafora
Senior Editor Security and Networking
