Connect with us

Hi, what are you looking for?

Tech & Science

YouTube warns of major phishing hack in progress (Includes interview)

According to Hyperbeast, a range of popular YouTubers have been targeted in highly coordinated cyberattacks in recent days. The hackers look to be directly targeting influencers across many different channel genres, deploying phishing methods. By sending convincing emails to YouTube influencers directing them to a seemingly legitimate Google login page, hackers are attempting to steal login credentials and take over accounts.

In some cases the hacks have been effective. ZD Net has reported that the channels for Musafir (1.3 million YouTube subscribers), Troy Sowers (114,000 subscribers), maxtchekvids (48,000), PURE Function (39,000), and others had been affected. Most of those targeted are part of the YouTube car community.

A YouTube video from Life of Palos explains the hack in more detail (at the 1’52” mark):

Daily Dot notes that it is speculated that the hackers bypassed two-factor authentication on the affected channels through the use of a phishing toolkit called Modlishka that can capture the SMS codes sent by two-factor authentication.

The hack highlights some serious cybersecurity flaws, according to Will LaSala, Director Security Solutions, OneSpan. He tells Digital Journal: “This incident shows that despite YouTube’s countermeasures, many users still fall into the trap of phishing scams, with serious consequences such as compromising accounts.”

In terms of what needs to happen to protect users, LaSala states: “It is crucial for organizations like YouTube to implement a multi-layered approach to security in order to safeguard against phishing attacks. When it comes to phishing, properly implemented multi-factor authentication (MFA) methods are a much stronger deterrent than single-factor username and password.”

Explaining multi-factor authentication in greater detail, LaSala adds: “MFA requires that people prove their identity using two or more verification methods before they can be authenticated and given access. So even if one factor is compromised in a phishing attack, hackers still have at least one more barrier before breaking into the target.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Business

Sixty percent of enterprises say that change management programs are "no longer fit for purpose."

Business

Huawei's revenue dipped by just under six percent in the first half of 2022.

Business

Asian markets mostly fell Friday, winding back some of the previous day’s rally.

Business

Britain's economy shrank in the second quarter as the country headed towards recession under a new prime minister.