If you own a YouTube channel, this news should concern you. A recent analysis from Google’s Threat Analysis Group disclosed that a cookie-stealing phishing campaign had targeted YouTube content creators.
This means it’s highly likely that your YouTube channel was either compromised or even sold to other cybercriminal gangs.
It cannot be denied that earlier in 2021, Google announced it would automatically enforce new security measures, notably 2FA (two-factor authentication), for millions of Gmail accounts and at least two million YouTube creators.
Even if you were not among those Google directly notified to enable 2FA, it was certainly the type of online security tip all users should have considered applying to their accounts.
Let’s uncover the details of this YouTube phishing scam and what you can do to prevent becoming a future target.
The Way the YouTube Phishing Scam Unraveled
A cookie theft or cookie hijacking attack aims to steal your browser cookies and use them against you, usually to access your account.
In this YouTube scam, the cookie stealers tricked users into downloading and installing malware. The malicious files or apps took the form of appealing videos on topics like tech guides and tutorials, how to cheat and win on video games, photo editing apps, even ads for VPNs or antivirus. Users who clicked on these videos gave the attackers an open door to send malware-infected files and steal users’ YouTube channel login cookies.
The attackers encrypted the files, making it difficult for users to realize they had them installed on their devices. Then, the attackers could take over users’ YouTube channels and do with them as they saw fit, without the need for a username and password.
In most cases, bad actors used the hijacked YouTube channels to pitch all sorts of online scams, including fake donation schemes, fake cryptocurrency, or financial frauds. Some cybercriminals chose to sell YouTube channels to other cyber-attackers for sums between $3,000 and $4,000.
As YouTube accounts are linked with Google accounts, attackers could inevitably access Gmail, Google Drive, Photos, and other services.
Researchers uncovered that the attackers used over 1,011 different domains associated with fake companies for the specific purpose of delivering malware.
What’s a Cookie Theft Attack
Web cookies are supposed to make our lives easier, and in a way, they do. These little pieces of text attach to your web browser and websites you visit to offer you a personalized experience and make it easier to log in. The downside is they also provide an effortless way for websites to track your every move and for attackers to intercept your password or any sensitive information.
Every time you sign in to an online account, the app or website generates a ‘session cookie’ identifying you as a user and connects you to the app or website server. As long as you stay logged in, your device is linked with the server in the session cookie, and the server recognizes you as an authorized user.
Here’s what happens in a session cookie hijacking attack:
- The attacker sends you to a fake login platform.
- You think it’s a legitimate login page and type in your username and password.
- Once you visit the fake website, the attacker steals your cookies.
When perpetrators have your session cookie, they can basically pretend to be you. This is particularly easy since many YouTube creators add their email addresses to their channels. They can change your password in a few seconds, then change any detail of your account and do whatever they want with it.
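How a session cookie stands in for your password once you are logged in, and two server-side defences against a stolen one, shown as an added example that is not part of the original article and not any real service's code. The in-memory store, the `bind` flag and the binding of a session to the user agent and network seen at login are assumptions made for illustration; the client values used with it are constructed.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret (constructed for the demo)
SESSIONS = {}                          # session id -> {"user": ..., "ctx": ...}


def _context_tag(user_agent: str, network: str) -> str:
    """Keyed hash of the client context seen at login (assumed binding heuristic)."""
    msg = f"{user_agent}|{network}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def login(user: str, user_agent: str, network: str) -> str:
    """Called after password and 2FA succeed; returns the Set-Cookie value."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "ctx": _context_tag(user_agent, network)}
    cookie = SimpleCookie()
    cookie["session"] = sid
    cookie["session"]["httponly"] = True   # not readable by page scripts
    cookie["session"]["secure"] = True     # only sent over HTTPS
    cookie["session"]["samesite"] = "Lax"
    return cookie["session"].OutputString()


def authenticate(cookie_header: str, user_agent: str, network: str, bind: bool = True):
    """Return the user for a request, or None. No password or 2FA is checked here."""
    jar = SimpleCookie(cookie_header)
    if "session" not in jar:
        return None
    sid = jar["session"].value
    record = SESSIONS.get(sid)
    if record is None:
        return None
    if bind and not hmac.compare_digest(record["ctx"], _context_tag(user_agent, network)):
        del SESSIONS[sid]   # cookie presented by a different client: revoke it
        return None
    return record["user"]


def revoke_all(user: str) -> int:
    """'Sign out everywhere': drop every session that belongs to the user."""
    stale = [sid for sid, rec in SESSIONS.items() if rec["user"] == user]
    for sid in stale:
        del SESSIONS[sid]
    return len(stale)
```

With `bind=False` the cookie alone is accepted from any client, which is why a stolen session cookie sidesteps the password and 2FA; calling `revoke_all` after a suspected theft invalidates every copy of it.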
How to Prevent Cookie Stealing
Cookie theft attacks can be quite complex and subtle; they fall under the ‘Think before you click’ rule. Still, you can apply a few other simple adjustments for safer and more private browsing.
Turn on 2FA for your accounts
If you haven’t enabled it for your YouTube or Google account, now is a good time to do it.
This simple security habit adds a second security layer to your credentials; you receive a token through a text message on your phone or by email. While it’s not a 100% foolproof measure, it’s a helpful one that will make it harder for attackers to steal your credentials or sensitive data.
Remember to also use strong passwords!
Employ HTTPS Everywhere
HTTPS Everywhere is a best practice digital security measure when visiting any website since it ensures your user experience is safe from online threats.
Open the Web browser in which you want to install HTTPS Everywhere. Look for the Add-ons or Extensions Tab, and then search ‘HTTPS Everywhere’. You can automatically install it and enable a more private browsing experience.
Choose a Private Browser
If you want to stay anonymous online from the very beginning, a Private Browser should be your go-to option.
- Hide your browsing activity
- Delete all your browsing data on exit in just one click
- Stay anonymous as no information is stored or shared
- Surf the web ad & tracker-free
Use a VPN
A virtual private network hides your IP address and encrypts your data, ensuring attackers can’t access it. A VPN will also make your digital life harder to track and trace, preventing digital attacks, including MiTM (Man-in-the-Middle) attacks. A reliable VPN like CyberGhost VPN doesn’t keep any logs, doesn’t store data or track your web activity.
Were you ever the target of a cookie theft or cookie session attack? How did you deal with it?
Let me know in the comments section below.