New Scam Alerts Users About YouTube Altering Policy

megat

megat

Kıdemli Üye
24 Şub 2016
3,324
34
-
d28d_shutterstock_391239166.jpg
A new YouTube phishing campaign is making rounds in the wild, urging users to read and accept so-called changes in YouTube's rules and policies. What’s scary is that it abuses YouTube’s authentic email address to lure users into providing their credentials.

What's the new scam?​

YouTube has published a warning, stating that several users have raised complaints about this ongoing phishing campaign.
  • The emails inform users about some updates in YouTube’s new monetization policy and some new rules that users should agree with to continue with the service.
  • To inculcate a sense of urgency, they are asked to review and accept the new rules within seven days.
  • Along with the message, the emails contain a YouTube video and a link to Google Drive, which when clicked, ask targets to provide their YouTube credentials.
  • The phishing emails appear to be sent using no-reply@youtube[.]com, an authentic YouTube account, thus, adding more legitimacy to the scam.

Abuse of authentic email ID​

  • A tech researcher alerted YouTube about this scam via a tweet, sharing the details of the email he received. He stated that the emails were not spoofed, and were sent via YouTube’s authentic email ID.
  • The scammers are apparently abusing YouTube’s Share Video by Email feature, which allows users to share their private videos via YouTube’s official email notification channel.

Identifiable clues​

The scam uses the official email address to lure victims, however, comprises several telltale signs hinting about the scam.
  • The language used in the email is quite imperfect, with several random words, such as Getting Monetization money earned.
  • The format of the email is distorted, with no proper bullets in lists and no spacing between different paragraphs and sections.
  • Moreover, the seven-day deadline is a usual tactic used by several scammers to create a sense of urgency.

Safety tips​

Abuse of popular platforms and services is not new, and this scam stands as another reminder that trusted social media platforms are a popular playground for scammers. To stay protected, experts recommend users be vigilant when providing any sensitive information, specifically credentials. Double-check the authenticity of any email or link by scanning them with genuine security software and avoid engaging with any suspicious-looking alerts, claims, and offers that have an undue sense of urgency.
 
Cevap yazmak için giriş yap yada kayıt ol.
Üst

Turkhackteam.org internet sitesi 5651 sayılı kanun’un 2. maddesinin 1. fıkrasının m) bendi ile aynı kanunun 5. maddesi kapsamında "Yer Sağlayıcı" konumundadır. İçerikler ön onay olmaksızın tamamen kullanıcılar tarafından oluşturulmaktadır. Turkhackteam.org; Yer sağlayıcı olarak, kullanıcılar tarafından oluşturulan içeriği ya da hukuka aykırı paylaşımı kontrol etmekle ya da araştırmakla yükümlü değildir. Türkhackteam saldırı timleri Türk sitelerine hiçbir zararlı faaliyette bulunmaz. Türkhackteam üyelerinin yaptığı bireysel hack faaliyetlerinden Türkhackteam sorumlu değildir. Sitelerinize Türkhackteam ismi kullanılarak hack faaliyetinde bulunulursa, site-sunucu erişim loglarından bu faaliyeti gerçekleştiren ip adresini tespit edip diğer kanıtlarla birlikte savcılığa suç duyurusunda bulununuz.