For many a rising star, YouTube has become the best place on the web to produce and promote content. With millions of active users and even more visitors each day, it’s no wonder that the platform remains one of the busiest hubs of activity on the entire internet. And with new integration in smart TVs and streaming devices, YouTube only looks more likely to grow in the coming years.
But, as with other platforms, security and privacy are factors that will make or break YouTube’s future. And recently, a new hijacking threat has been targeting its most popular users. After sending out aggressive phishing emails, the attackers take over popular YouTube accounts and sell them (and the followers they have) on shady forums for a sizable profit.
Are any websites safe from cybercriminals anymore? If you or your child have a YouTube account, here’s what you need to know about the tactics these criminals are using, and how you can keep your account out of the hands of hackers.
Bold hackers with bolder techniques
According to new reports from ZDNet, a wave of YouTube account hackings is underway that specifically targets high profile YouTubers with large quantities of followers. Most of the major names were members of the auto-tuning or car YouTube community, which gives the impression that this community is being targeted specifically.
To pull off a hijacking, the hackers perform aggressive phishing operations towards the YouTube account they’re interested in.
The account owner will typically receive a phishing-style email that redirects them to a login page that steals their account credentials. Once those details are captured, the hackers change the account’s vanity URL so the owner’s followers think that they deleted their account.
From here, several of the stolen accounts were reportedly sighted on Russian forums that traffic in stolen YouTube accounts with large pools of subscribers. According to an anonymous member interviewed by ZDNet, the operation bears all the signs of “regular business.”
That’s a shady business if there ever was one.
To make matters worse, many of the affected accounts made use of two-factor authentication as added protection.
Strangely, the victims never received a verification text, which has led to speculation that the attackers are using an advanced piece of phishing software to intercept them. This software is regularly distributed on hacking communities, among other toolkits that can be used for nefarious acts.
Is my YouTube account at risk?
From what can be seen in recent reporting, every target so far has been a popular account with a long list of subscribers. These accounts are highly sought after by criminals, who use the account’s subscribers for spam purposes or to give themselves a head start on their own YouTube ambitions.
With a captive audience, they can easily push their videos to as many users as possible without relying on ordinary factors like the search bar or recommendation algorithm. So, if you’re an ordinary viewer rather than a content creator, you’re probably safe for now.
That said, users might have some concern about the hackers’ ability to bypass 2FA, but this is somewhat misplaced. The biggest factor to these hackers’ success is the fact that their victims opened the phishing emails they received in the first place.
This underscores the importance of never logging into a website that you are linked to from an email. Even visiting a well-equipped phishing site can be enough to compromise you in some cases. Thus, the smartest thing you can do is take extra precautions when opening any email and avoiding links from unknown sources.
Always log in from a website’s homepage via your browser and you should be fine. Plus, using 2FA is still worthwhile. Even if hackers are able to bypass the authentication, it’s still an extra step that makes hacking your account less appealing. In the long run, the more protection you have, the safer you are.
Whether the internet is still safe in this day and age, however, is another question entirely.