If you receive an email from [email protected] claiming that YouTube’s rules and policies have changed and urging you to check the details, would you click on the provided link?
Under normal circumstances, users may not pay much attention to such email notifications about policy adjustments. However, some users, especially YouTube creators, may want to review these messages, especially if the email address appears to be official.
[email protected] is one of YouTube’s official email addresses for sending notifications and is considered valid in Gmail. However, this same email address is also used by YouTube to send shared video notifications, and recently, the platform has discovered that scammers are abusing the sharing mechanism to send phishing emails to users en masse.
The abuse method is quite simple: scammers create a fraudulent video titled “Changes in YouTube rules and policies | Check the Description” share it with targeted users, and add a description. At this point, YouTube sends an email from [email protected] to the targeted user, and the email displays the video’s title, making it appear genuine.
The scammers provide a Google Drive link in the description and prompt users to download a file containing a virus. The ultimate goal is for users to install the infected file, allowing the scammers to gain control of the user’s PC.
YouTube has intervened and is investigating the issue following user feedback. The platform is now working on detecting and preventing such abuse of the sharing mechanism to protect users from scammers exploiting YouTube for fraudulent activities.