YouTube warns of phishing video using its CEO as bait

(Image credit: Getty Images / NurPhoto)

YouTube warns users of an ongoing phishing scam
The scam includes an AI-generated video of its CEO
Hackers are using stolen accounts to broadcast crypto scams

YouTube is warning its users of a new phishing campaign using an AI-generated video of its CEO Neal Mohan as bait.

In a post on its official community website, the company said it is “aware that phishers have been sharing private videos to send false videos, including an AI generated video of YouTube’s CEO Neal Mohan announcing changes in monetization.”

“YouTube and its employees will never attempt to contact you or share information through a private video. If a video is shared privately with you claiming to be from YouTube, the video is a phishing scam,” YouTube said in the pinned post. “Do not click these links as the videos will likely lead to phishing sites that can install malware or steal your credentials.”

Falling victim

The attack goes like this: scammers used AI to create a deepfake video of the YouTube CEO discussing changes in monetization on the platform. They then shared it as a private video with their targets. In the description of the video is a link that leads the victims to the phishing landing page - studio.youtube-plus[dot]com.

There, they’re prompted to “confirm the updated YouTube Partner Program (YPP) terms”, to continue monetizing their content and accessing YouTube’s features - but obviously, by “confirming” the terms, the victims would just be sharing their credentials with the attackers.

Furthermore, in true phishing fashion, crooks added a false sense of urgency, threatening the victims that their accounts will be restricted for a week if they do not comply with the new rules. That includes the inability to add videos, receive monetization, and more.

Once the victims enter their credentials, the page says the account is under review.

The campaign appears to have been active since late January 2025, and “many creators” have already fallen victim, reporting that their channels had been hijacked and used to broadcast live cryptocurrency scam streams.

Via BleepingComputer

A deepfake epidemic is coming as survey shows that people are simply not good enough at identifying fakes
We've rounded up the best password managers
Take a look at our guide to the best authenticator app

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.