Some YouTube partners are being hit with e-mails seemingly coming from Google / YouTube teams attempting to trick them into replying with their login credentials and other personal information. One partner contacted us with screenshots of the phishing messages, the first received at the end of May and the second on June 3rd, coming from and delivered to different accounts.
While the first e-mail was quite amateuristic of nature and came filled with stuff that should raise quite some warning flags (typos, clumsy phrasing, Youtube instead of YouTube, etc.), the second appeared more genuine and had a body text edited rather professionally (see screenshot below).
In both cases, the YouTube partner was told that there was some kind of problem with his or her account, either with videos that purportedly contained copyrighted material, hate speech/bullying, or other issues that violate the service’s ToS. The first e-mail urged partners to respond with their username, password, e-mail address and D.O.B, while the second asked only for the password.
It’s unclear whether this phishing scam was aimed at our tipster specifically or if this is a more widespread problem (any YouTube partners wanna chip in?), but in any case YouTube has been alerted by the user and myself, although we have yet to receive a response.
YouTube partners, be aware and spread the word!
Update: official statement from YouTube:
“We are aware of recent phishing emails where users posing as Google or YouTube support have tried to obtain the login credentials of our partners. Security is a top concern at YouTube and action has been taken against these users and we are taking steps to prevent potential future occurrences. YouTube will never send an unsolicited message asking for your password or other sensitive information by email or through a link.”