In recent years, Cybercriminals turned cunning with their strategies of defrauding unsuspecting investors in the cryptocurrency industry.
Tech giant, Google revealed in a recent report that around 2019, a group of Russian scammers coordinated to launch a phishing attack against creators on YouTube, the popular online video sharing platform affiliated to Google. Their sole intention was to sell off hijacked channels or use them to broadcast cryptocurrency scams live-streaming.
Google Crackdown on Phishing Attacks Targeting YouTubers
Google explained that the scammers lured YouTube creators into their trap via fake collaboration offers. They did this using Cookie Theft malware, which enabled them access to their target’s accounts with session cookies stored in the browser. If not used for cryptocurrency scams, the hijacked channels were offered for sale from $3 to $4,000 depending on the number of people subscribed to the channel.
Since May, however, Google said it has been able to detect and decrease the rate of phishing attacks on YouTubers in Gmail by 99.6%, following its collaboration with experts from cybersecurity firms and affiliated platforms including YouTube, and Gmail. It blocked 1.6 million messages and 2.4K files to targets. It also displayed 62K Safe Browsing phishing page warnings and successfully restored about 4K hijacked accounts.
How to Stay Safe
Given the increased scrutiny on Gmail, these scammers are beginning to switch to other platforms to continue with attacks. “With increased detection efforts, we’ve observed attackers shifting away from Gmail to other email providers (mostly email.cz, seznam.cz, post.cz and aol.com),” Google warned.
In the report, Google also recommended activating the “Enhanced Safe Browsing Protection” on Chrome browser as a safety measure for protection against such campaigns. Users are also advised to not neglect browsing warnings. It’s also important for YouTubers to verify their accounts for an extra layer of security.