New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


YouTube Phishing Scam Luring Users Into Providing Credentials

A new phishing scam on YouTube has been uncovered, where hackers are using authentic-looking email addresses to trick users into giving away their account login information. The scam starts with a fraudulent email claiming to be from YouTube’s support team, stating that the user’s account is in violation of the platform’s policies and will be suspended if the issue is not resolved. The email contains a link that appears to take the user to YouTube’s login page but instead leads to a fake site that collects the user’s login credentials. This scam is particularly dangerous as the email appears to come from an authentic YouTube email address, making it harder for users to spot the scam.

Analyst Notes

To protect against this, users should always check the URL of any link they are asked to click on, and only enter their login information on YouTube’s official website. Scams are often perpetrated by asking targeted users to click on a malicious link to address an urgent issue. In all cases, it is highly recommended to encourage users to resist the socially engineered sense of urgency and directly log in to their account via trusted, known portal or website. Additionally, users can enable two-factor authentication on their accounts, providing an extra layer of security by requiring a verification code in addition to the password. Users need to be vigilant and cautious when receiving emails claiming to be from YouTube or any other platform and to report any suspicious activity to the platform’s support team.

Beware of new YouTube phishing scam using authentic email address