What sort of phishing attack is being used to target
The attack is known as Cookie Theft or as Google explains “pass-the-cookie” attack. In a blog post, Google says that while the technique has been around for decades, “its resurgence as a top security risk could be due to a wider adoption of multi-factor authentication (MFA) making it difficult to conduct abuse, and shifting attacker focus to social engineering tactics.”
How do hackers target Youtube users?
Hackers send a fake business email and ask YouTube creators to request a video ad collaboration. Once the target agrees to the deal, a malware landing page disguised as a software download URL was sent via email or a PDF on Google Drive, and in a few cases, Google documents containing the phishing links. The attackers registered various domains associated with forged companies and built multiple websites for malware delivery. “Some of the websites impersonated legitimate software sites, such as Luminar, Cisco VPN, games on Steam, and some were generated using online templates,” explained Google.
What YouTubers can do to be safe from these attacks?
Google has several tips that YouTubers can follow. For instance, Google has a Safe Browsing feature which can be used to avoid malware triggering antivirus detections, threat actors social engineer users turning off or ignoring warnings. Google also recommends using antivirus or virus scanning tools. And more importantly, users should protect their accounts with 2-Step-verification, which provides an extra layer of security to your account in case your password is stolen. Google is also making 2-Step-verification mandatory for certain users. “Starting November 1, monetising YouTube creators must turn on 2-Step Verification on the Google Account used for their YouTube channel to access YouTube Studio or YouTube Studio Content Manager,” the tech noted in a blog post.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
