Dear YouTubers, phishers are after your accounts

This phishing campaign is so convincing that even savvy YouTubers may be duped into giving crooks control of their accounts.

Do you have a channel on YouTube? How’s it doing — got more than a thousand subscribers yet? If so, you can expect a message something like this: “We’re evaluating your request for monetizing your YouTube channel.” The problem is, it might be fake.

In the wake of recent campaigns targeting Instagram and Twitter accounts, cyberthieves are now after YouTube creators.

More than a year has passed since YouTube last tightened its regulations on the requirements a channel/creator must meet to monetize videos (the current ones date back to February 2018). These days, ad-supported channels need to comply with several criteria, including having at least 1,000 subscribers and 4,000 hours of overall watch time within the past 12 months. It’s no wonder most YouTubers take a notification about a thorough account review extremely seriously.

What does this new YouTube scam look like, exactly?

“Our team reviewed your channel. … We’ve detected more than one violation in the process of reviewing your account,” says the text under the official YouTube logo, which also notes that the enterprise controls all YouTube channels manually. Therefore, it asks you to fill in your data and send the e-mail back.

The information the phishers are asking you to give away includes your channel URL and your password. According to affected YouTubers, the fake notifications come to their public e-mail, not to the address they use to link to their channels (if they are different).

As soon as the phishers get your data, they try to take over your account. What for? Well, they might scam your followers (and not only yours) by running a phishing ad under your name, promoting a fake giveaway, announcing a contest with valuable prizes … and the list goes on. The possibilities are endless.

How to protect your account

  • Keep in mind that YouTube will never ask for your account password in an e-mail.
  • Always check everything thoroughly before reacting to an e-mail, especially if you’re not sure who the sender actually is.
  • Enable two-factor authentication for your account, Google offers this option for all of its apps and services, including YouTube. To learn how to activate 2FA, click here.