
The YouTube team has issued a warning about a new phishing campaign leveraging AI-generated video footage featuring an apparent speech by YouTube CEO Neal Mohan. Cybercriminals are distributing these videos via email in an attempt to steal users’ login credentials.
The attack begins with emails claiming that YouTube is introducing changes to its monetization policies and that users must confirm new terms to remain in the YouTube Partner Program. These messages contain the aforementioned deepfake video, along with a link to a fraudulent webpage (studio.youtube-plus[.]com) where victims are prompted to log in to their accounts. However, the page is a phishing site designed solely to harvest credentials.
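The lookalike hostname described above can be caught before anyone clicks, for example in a mail filter or a help-desk triage script. The following is an added example, not code from YouTube or from the original article; the list of official domains, the brand tokens and the sample links are assumptions constructed for illustration, apart from the phishing hostname the article reports.

```python
from urllib.parse import urlsplit

# Assumption: domains treated as official for YouTube Studio and sign-in.
OFFICIAL_DOMAINS = ("youtube.com", "google.com")
# Assumption: brand strings whose presence in a non-official host is suspicious.
BRAND_TOKENS = ("youtube", "google")


def refang(text):
    """Undo common defanging such as youtube-plus[.]com or hxxps://."""
    text = text.strip().replace("[.]", ".").replace("(.)", ".")
    if text.lower().startswith("hxxp"):
        text = "http" + text[4:]
    return text


def hostname_of(link):
    """Return the lower-cased hostname of a link, or '' if none is found."""
    link = refang(link)
    if "://" not in link:
        link = "https://" + link  # bare hostnames need a scheme to parse
    return (urlsplit(link).hostname or "").rstrip(".").lower()


def is_official(host):
    # Match on a label boundary: "studio.youtube.com" is official,
    # "studio.youtube-plus.com" is not.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify_link(link):
    host = hostname_of(link)
    if not host:
        return "unparseable"
    if is_official(host):
        return "official"
    if any(token in host for token in BRAND_TOKENS):
        return "lookalike"  # brand name used outside the official domains
    return "unrelated"


# Constructed sample links; only the first hostname comes from the article.
SAMPLE_LINKS = [
    "studio.youtube-plus[.]com",
    "https://studio.youtube.com/",
    "https://accounts.google.com/",
    "https://example.org/newsletter",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINKS:
        print(f"{classify_link(sample):10} {sample}")
```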
To heighten the sense of urgency, scammers threaten users with a seven-day restriction if they fail to comply. These supposed penalties include a temporary ban on video uploads, content editing, and earnings withdrawals.
Once a user enters their credentials, they are redirected to a page stating that their channel is under review and instructing them to open a document linked in the video description. Notably, this message appears whether the password entered on the phishing site is valid or invalid.
Since late January, many YouTube creators have reported receiving such phishing emails. By mid-February, the platform had launched an investigation. The YouTube team strongly advises against clicking on links in these emails, as they lead to phishing sites or may deliver malware—such as the document referenced in the fraudulent video description.
Victims report that compromised channels were swiftly hijacked and repurposed for broadcasting scam cryptocurrency livestreams. YouTube has published security guidelines on phishing prevention in its Help Center and has introduced a new recovery tool for hacked accounts, available since August 2024.
As cybercriminal tactics become increasingly sophisticated, vigilance is crucial. It is imperative to critically assess any messages that demand immediate action or request personal information. Even emails and videos that appear legitimate may be part of an elaborate phishing campaign. Safeguarding one’s credentials remains the cornerstone of digital security.