YouTube creators from the automotive and car community were hit the hardest in what appears to be a coordinated phishing attack. A massive wave of account hijacks has hit YouTube users, especially creators in the auto-tuning and car review community. 😥
Coordinated campaign bypassed 2FA
From ZDNet: The account hacks are the result of a coordinated campaign that consisted of messages luring users to phishing sites, where hackers logged account credentials.
A channel owner who managed to recover their account before this article’s publication, and who received additional information from YouTube’s staff, gave us some insight into how the full attack chain might have gone down.
- Hackers use phishing emails to lure victims to fake Google login pages, where they collect users’ account credentials
- Scammers break into Google accounts
- Hackers re-assign popular channels to new owners
- Scammers change the channel’s vanity URL, giving the original account owner and their followers the impression that the account had been deleted.
Some users reported receiving individual emails. Other users said they received email chains that included the addresses of multiple YouTube creators, usually from the same community.
This is what happened with the phishing attacks that targeted the YouTube creators car community, according to a YouTube video from Life of Palos, uploaded over the weekend.
The same Life of Palos also reported that hackers were capable of bypassing two-factor authentication on users’ accounts. He suggested that hackers might have used Modlishka, a reverse proxy-based phishing toolkit that can also intercept 2FA SMS codes.
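A reverse-proxy phishing page relays the real login content, so its appearance gives nothing away; the hostname in the link does. The sketch below is an added example, not code from the original article or from any tool it names, and it checks each link in an email against the real Google login host. The trusted domain list, the brand hints and every hostname in the sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this sketch: where Google credentials may be typed, and
# which registrable domains count as Google-owned.
LOGIN_HOST = "accounts.google.com"
TRUSTED_SUFFIXES = ("google.com", "youtube.com")
BRAND_HINTS = ("google", "youtube", "gmail")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def classify_link(url):
    """Return (verdict, reason); verdict is 'ok', 'unknown' or 'suspicious'."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "suspicious", "unparsable URL"
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "suspicious", "no parsable host"
    if any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES):
        if host == LOGIN_HOST and parts.scheme != "https":
            return "suspicious", "login host over plain http"
        return "ok", "host is under a trusted domain"
    if parts.username is not None:
        # Anything before '@' is userinfo; the browser connects to what follows.
        return "suspicious", "text before '@' disguises real host " + host
    if any(label.startswith("xn--") for label in host.split(".")):
        return "suspicious", "punycode label in host " + host
    if any(hint in host for hint in BRAND_HINTS):
        return "suspicious", "brand name inside untrusted host " + host
    return "unknown", "unrelated host " + host


def scan_email(body):
    """Classify every http(s) link in an email body, in order of appearance."""
    links = [u.rstrip(".,;") for u in URL_RE.findall(body)]
    return [(u, *classify_link(u)) for u in links]


# Constructed sample message; every non-Google hostname below is made up.
SAMPLE_EMAIL = """Your channel will be suspended. Sign in to appeal:
https://accounts.google.com.signin-verify.example.test/ServiceLogin
https://accounts.google.com@login.example.test/signin
https://xn--ggle-55da.example.test/
Real sign-in page: https://accounts.google.com/ServiceLogin
"""

if __name__ == "__main__":
    for url, verdict, reason in scan_email(SAMPLE_EMAIL):
        print(f"{verdict:10} {url}  ({reason})")
```

An "unknown" verdict only means the host makes no claim to be Google; it says nothing about whether the link is safe.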
Phishing has been a big problem since the net was young. But today fraudsters are becoming more high tech and dangerously crafty. YouTube phishing attacks are nothing new but are becoming more crafty as this example proves. Received an email link? Don’t click it! 🙁