YouTube warns of AI-generated video of its CEO used in phishing attacks

YouTube warns that scammers are using an AI-generated video featuring the company’s CEO in phishing attacks to steal creators’ credentials.

The attackers are sharing it as a private video with targeted users via emails claiming YouTube is changing its monetization policy.

“We’re aware that phishers have been sharing private videos to send false videos, including an AI generated video of YouTube’s CEO Neal Mohan announcing changes in monetization,” the online video sharing platform warned in a pinned post on its official community website.

“YouTube and its employees will never attempt to contact you or share information through a private video. If a video is shared privately with you claiming to be from YouTube, the video is a phishing scam.”

Ironically, the phishing emails also warn that YouTube will never share information or contact users via private videos, prompting the recipients to report the channel sending the emails if they look suspicious.

The description of the video linked in the phishing emails asked those who open it to click a link that brings them to a page (studio.youtube-plus[.]com) where they’re asked to “confirm the updated YouTube Partner Program (YPP) terms to continue monetizing your content and accessing all features” by signing into their account. However, this page is designed to steal their credentials instead.

The scammers also create a sense of urgency by threatening that their accounts will be restricted for seven days if they fail to confirm compliance with the new rules (these restrictions would allegedly include uploading new videos, editing old videos, receiving monetization, and receiving earned monetization funds).

After entering their credentials, creators are told their “channel is now pending” and to “open the document in the video description for all the necessary information” (even when entering a random email and password).

YouTube users have been receiving such emails since late January while the YouTube team says it began investigating this campaign in mid-February.

YouTube warns not to click links embedded in these emails, as they will likely redirect them to phishing sites that attempt to steal their credentials or infect them with malware.

“Many phishers actively target Creators by trying to find ways to impersonate YouTube by exploiting in-platform features to link to malicious content,” the company added. “Please always be aware and make sure not to open untrusted links or files!”

However, many creators have already fallen victim to these attacks, reporting that the scammers hijacked their channels and used them to broadcast live cryptocurrency scam streams.

YouTube provides tips on avoiding and reporting phishing emails in its help center and more details on similar phishing campaigns.

Since August 2024, YouTube has also provided a new support assistant to help users recover and secure hacked YouTube accounts after getting hacked.