YouTube Warns of Phishing Emails Attacking Creators to Steal Login Credentials

The video, indistinguishable from authentic footage due to advanced voice and visual synthesis, instructs creators to “confirm” policy changes by logging into studio.youtube-plus[.]com—a phishing domain mimicking YouTube Studio. The attack, first detected in late February 2025, uses fabricated videos of YouTube CEO Neal Mohan to deceive creators into surrendering login credentials or installing malware. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Kaaviya is a Security Editor and fellow reporter with Cyber Security News. In a pinned post on its Community Forum, YouTube emphasized, “It will never attempt to contact you or share information through a private video. In some cases, malicious payloads like Lumma Stealer malware are deployed to exfiltrate sensitive data or establish remote access via RDP (Remote Desktop Protocol) systems. The message leverages YouTube’s legitimate video-sharing feature, which allows users to send private videos via email. YouTube emphasizes the importance of vigilance, as phishers take advantage of platform features to seem legitimate. She is covering various cyber security incidents happening in the Cyber Space.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 07 Mar 2025 12:20:09 +0000


Cyber News related to YouTube Warns of Phishing Emails Attacking Creators to Steal Login Credentials

YouTube warns of AI-generated video of its CEO used in phishing attacks - The description of the video linked in the phishing emails asked those who open it to click a link that brings them to a page (studio.youtube-plus[.]com) where they're asked to "confirm the updated YouTube Partner Program (YPP) terms ...
2 months ago Bleepingcomputer.com
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
1 year ago Gbhackers.com
Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
1 year ago Techrepublic.com
Latest Information Security and Hacking Incidents - Artificial Intelligence is reshaping the world of social media content creation, offering creators new possibilities and challenges. The fusion of art and technology is empowering creators by automating routine tasks, allowing them to channel their ...
1 year ago Cysecurity.news
YouTube Warns of Phishing Emails Attacking Creators to Steal Login Credentials - The video, indistinguishable from authentic footage due to advanced voice and visual synthesis, instructs creators to “confirm” policy changes by logging into studio.youtube-plus[.]com—a phishing domain mimicking YouTube Studio. The attack, ...
2 months ago Cybersecuritynews.com
YouTube Creators Under Attack via Brand Collaborators Requests Using Clickflix Technique - Cybercriminals initiate contact via email or social media, posing as marketing representatives from established brands offering lucrative deals that require the creator to review “campaign materials” hosted on compromised domains or cloud ...
2 months ago Cybersecuritynews.com
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
2 years ago Trendmicro.com
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
1 year ago Helpnetsecurity.com
Spotting Phishing Attacks with Image Verification Techniques - Phishing refers to the tactic used by scammers who impersonate reputable brands and lure victims to click on suspicious links so that they can breach the privacy and sensitive data of individuals. You can call image-based phishing a relatively ...
1 month ago Cybersecuritynews.com
YouTube Not Working on iPhone? Here's How to Fix It - If the YouTube app on your iPhone is crashing or will not open, there are various fixes you can try, such as force quitting the app, rebooting your device, and updating its version. Restarting your device provides a fresh start and can address minor ...
1 year ago Hackercombat.com
The Future of Phishing Email Training for Employees in Cybersecurity - One common method they use is through phishing emails. To counter this changing threat, companies must give importance to providing phishing email training for employees on identifying and responding properly to phishing attempts. Standard training ...
1 year ago Hackread.com
Google to crack down on third-party YouTube apps that block ads - YouTube announced yesterday that third-party applications that block ads while watching YouTube videos violates its Terms of Service, and it will soon start taking action against the apps. Google exposes numerous APIs allowing developers to integrate ...
1 year ago Bleepingcomputer.com
Top Characteristics of a QR Code Phishing Email - As campaigns using QR codes grow in size and complexity it is important to track not just the QR codes themselves, but also the context of the emails delivering the QR codes. Others use images embedded in the email or QR codes rendered from external ...
1 year ago Securityboulevard.com
Splunk: AI isn't making spear phishing more effective - Despite increased concerns, AI tools won't give adversaries an advantage when it comes to sending effective phishing emails, according to new research by Splunk's Surge security research team. In a blog post Thursday, Tamara Chacon, security ...
1 year ago Techtarget.com
Hijacked: How hacked YouTube channels spread scams and malware - As one of today's most popular social media platforms, YouTube is often in the crosshairs of cybercriminals who exploit it to peddle scams and distribute malware. Thefts of popular YouTube channels up the game further. By extending the reach of the ...
11 months ago Welivesecurity.com
Hackers Use Fake DocuSign Templates to Scam Organizations - A surge in phishing attacks that use emails appearing to be from DocuSign is being fueled by a Russian dark web marketplace that has a wide range of take templates and login credentials. Eventually, the search led them to the Russian marketplace, ...
1 year ago Securityboulevard.com
Phishing Campaign Exploits Open Redirection Vulnerability In 'Indeed.com' - Phishing remains one of the most prevalent challenges facing organisations, with more than three billion malicious emails estimated to be sent around the world every day. Owing to the prevalence of the problem, Verizon's 2023 Data Breach ...
1 year ago Cyberdefensemagazine.com
USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data - A new USPS Delivery Phishing Scam has surfaced, in which scammers are exploiting Freemium Dynamic DNS and SaaS Providers to steal victims' login credentials and other data. Cybersecurity researchers at Bloster AI have uncovered a new USPS Delivery ...
1 year ago Hackread.com
"Quishing" you a Happy Holiday Season - QR Code phishing scams - What they are and how to avoid them. Originally invented to keep track of car parts in the early 90s, QR codes have been around for decades. Quishing, or QR Code phishing, exploits smartphone users scanning the 2D barcode, ...
1 year ago Netcraft.com
AI-Powered Phishing Detection - Does It Actually Work? - Unlike traditional methods that rely on identifying known threats, AI-powered systems analyze patterns and behaviors to detect anomalies indicative of phishing attempts. The rise of artificial intelligence (AI) has brought new hope to combating these ...
1 month ago Cybersecuritynews.com
Threat Actors Attacking Content Creators With Fake AI Tools to Hijack Their Devices - A recent campaign involved fake social media ads promoting “CapCutProAI,” which redirected users to sites hosting malware designed to steal sensitive information, including login credentials, cryptocurrency wallets, and browser histories, often ...
1 month ago Cybersecuritynews.com
Phishing kits now vet victims in real-time before stealing credentials - Even if they were allowed to use the real target's address, the analysts comment that some campaigns go a step further, sending a validation code or link to the victim's inbox after they enter a valid email on the phishing page. However, with this ...
1 month ago Bleepingcomputer.com
WordPress hosting service Kinsta targeted by Google phishing ads - WordPress hosting provider Kinsta is warning customers that Google ads have been observed promoting phishing sites to steal hosting credentials. Kinsta says the phishing attacks aim to steal login credentials for MyKinsta, a key service the company ...
1 year ago Bleepingcomputer.com
Coinbase phishing email tricks users with fake wallet migration - A large-scale Coinbase phishing attack poses as a mandatory wallet migration, tricking recipients into setting up a new wallet with a pre-generated recovery phrase controlled by attackers. Instead, the phishing email includes a recovery phrase, which ...
2 months ago Bleepingcomputer.com
New phishing attack steals your Instagram backup codes to bypass 2FA - A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. Two-factor authentication is a ...
1 year ago Bleepingcomputer.com