YouTube is one of the best places on the internet where you get to watch cute videos of kitties, huskies, and also other videos from your favorite channels, YouTubers, artists and so much more.
But now YouTube is becoming a dangerous place, and you might not even notice it. For instance, what if you get a message from your favorite YouTuber, celebrity or channel? At first, you will be thrilled, and you will instantly forget your cyber-awareness skills and good internet behavior.
It’s happening right now, and several people are receiving messages in their YouTube inboxes. Mostly the message seems real as it’s coming from your adored celebrity, it has some grateful texts, and since you’re one of their top subscribers, it has a link to a giveaway prize, gift card, the new Samsung Galaxy S10 and so on. If you get such a message, don’t rush and click on the link. Here’s why.
How does YouTube phishing work?
Similar to other phishing scams, this scam is easy to orchestrate. Cybercriminals set up a similar YouTube account which is nearly identical enough to that of your favorite YouTuber – cybercriminals know this by looking at the comments you leave on various channels. After setting up the account, they use any channel name they want despite what their account name is, YouTube allows this; which is the vulnerability in this case.
Cybercriminals also take advantage of another YouTube feature – the YouTube friend request. Anyone on the platform can send a friend request to whomever they like. If you are not cyber ware all the time, you will gladly accept the friend request from your purported to be a celebrity. Lastly, cybercriminals will send you a nicely composed heart-warming phishing message with a link.
Consequences
As it is with any other phishing scam, this YouTube scam is mainly aimed at two things, collecting your personal data as well as making a profit while at it.
Clicking on the link provided in the message takes to a spoofed site with forms where to enter your details and finally participate in a quick survey to win your giveaway prize. If you fill this form, you will be giving away your personal private information such as contacts to cybercriminals willingly.
If you take the survey, you will be redirected to other many sites where you will be giving them traffic and occasionally viewing or clicking some ads here and there. By the time you realize it’s a phishing scam, you will have picked some malware, given away your details and now you’ll be preparing on how to mitigate a cyber-attack.
Ways to protect yourself
- As it is the first rule in social media, don’t accept friend requests until you truly know who the sender is, and in YouTube, your celebrity’s channel will be marked, official. Also, don’t hurriedly open links on messages.
- If you happen to click on the link and you are redirected to a website with forms, simply close that page and carry on with other things, that’s how you give out your information willingly.
- Use a reputable antivirus/antimalware; reliable antivirus/antimalware will always alert you or even block malicious/spoofed sites.
- Lastly, use IPBurger VPN. A VPN will protect from phishing scams that are orchestrated by man-in-the-middle attacks especially when you are using free public Wi-Fi.