New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


YouTube Scam Thwarted

A popular channel called “TeslaJoy” was targeted by a phishing scam but was able to stop it before anything happened. The owner of the TeslaJoy channel received a rather suspicious email claiming to be YouTube support and stated that the channel was in violation of YouTube’s policies. The scammer stated in the email that a detailed analysis is necessary and that the account password was needed to perform this check. Any online service asking for a user’s account password is reason enough to be suspicious. The second mistake the scammer made was emailing TeslaJoy’s public email address and not the one the user has for direct communication with YouTube. The email address that the scammer used was “[email protected].” YouTube has never used the domain “” Scammers constantly use the reporting procedures of YouTube to scam people. Emails have been reported stating that the user has two violations and if the user wants to stop the third, then they must pay a fee.

Analyst Notes

This is an example of proper security practices. If a user receives an email or message asking for private login information, the user should immediately suspect that it is a fraudulent message. Checking the address of the sender can easily indicate if a message is authentic. In this example, the sender used a account, not the domain that YouTube uses. Educating employees in proper security practices will greatly assist companies in being able to recognize and stopping this style attack.