Scams happen all the time on the internet; hackers and bad actors are always looking for new ways to break into your accounts and steal your data. Creators on YouTube are now learning this the hard way.
A troubling new phishing scam is targeting creators on YouTube. Scammers reach out to YouTubers under the guise of offering a business proposition. These opportunities usually come from fake VPN, anti-virus apps, or video game companies looking for a “sponsorship” deal in the creator’s videos. The scammers would send a link to test out the product, but when the creator clicks the link, that’s when the trouble starts.
These links would ask the creators to download software to their computers; this software would then scrape their internet history looking for cookie data, known as a cookie theft attack. This cookie information is invaluable, because it allows hackers to bypass other security measures like 2FA, security questions, or USB keys.
While this attack is useless if the creator recently wiped their cookie data, many users don’t touch this data, which is what these attackers are banking on.
To stay safe, remember to never download software from strange contacts. Always ensure you’re talking to the real company before installing software they send to you. While this particular scam bypasses 2FA, it’s always good practice to make sure you set up multi-factor authentication with your accounts.