Highlights: Reportedly, a phishing campaign invades yet unknown number fo Youtube influences who are specialized in gaming, car industry, tech and other topics as well.
Over the last weekend, many users have found they are unable to login their Google and Youtube accounts. After it turned out, a massive phishing campaign was launched by still unknown group of hackers who are mostly targeting popular influencers from various industries. However, the mostly affected industry as per the reports by ZDNet is automotive industry.
Initially, the Youtube account hijacking incidents were not tied up together, but later on the fact become clear that the targeted attack was launched with intention to steal particular accounts. However, it’s still unknown that how many accounts were affected, but the victims among them are mostly the famous ones on Youtube.
Youtube account hacking were possible due to phishing campaigns under which the attackers sent phishing emails to targeted influencers that led them to spoofed web locations. Asking for their Google’s login credentials which further utilized to hijack Youtube accounts. Most of the victims in that case rushed to other social platforms including Instagram, Twitter, etc and announced about their hacked account.
However, the worst part is, all affected Youtube channels got deleted in current scenario and their followers are no longer able to view videos of their favorite starts anymore.
Reportedly, the attackers managed to bypass two factor authentication
Although many affected Youtube channels are still nowhere to be found, some of the users already managed to regain their deleted content back. According to a user, after they managed to regain access to his account, he also got insights about hack itself from Youtube support team.
Under the phishing attack, the emails sent out to multiple targeted high-profile Youtube creators, and the email consisted of links leading to spoofed Google sites. According to reports from ZDNet, some users got emails while the others have received chain of spam emails, which asked them to visit channels of their members of the same community. And once they clicked the links, the spoofed pages asked targeted users to input their Google login credentials.
This way, the attackers easily managed to hijack Google accounts of victims which allowed them to log into targeted Youtube accounts, re-assign the owner and change any desired values for he creator, that made it seem like the accounts are no longer existing.
The primary reason for account hacks: Human factors according to experts
Youtube is technically not only the platform where the hijacks of accounts can take place, but other social platforms like Twitter, Facebook, and others are constantly suffering hacker’s attack as well. Although the methods used by cyber criminals to attack and affect those accounts may vary, but there’s always a way to protect such accounts from threat actors who are ready to invade and take benefits by stealing profits and personal information.
While some of the attacks pursued by cyber criminals are extremely sophisticated, still the main factor of being hacked is human itself. Many a times, spotting a phishing attack can be difficult even for a trained user because the hackers manage to deploy various tactics which makes their campaign look appealing, and such factors include a valid SSL certificate, email spoofing, legit contents, and many more.
As per the experts, the users should always employ two-factor authentication method, no matters it were used in the earlier and current campaigns. Also, employing comprehensive security tools along with vigilant outlook on received emails can also prevent most of the cyber attacks.