eevBLAB 129 - WARNING: New Youtube Creator Channel Hijack Scam

[golden_labels]

Due to recent changes in YouTuber Scam Methodology™ you are at risk of losing your monetization or the channel. Be sure to watch and confirm the attached video.


This message is digitally signed with 71-bit ASS by the Official YouTube Watching Team member

[golden_labels]

Usually, with stories like this, I’d blab about how the society brings it upon itself. But that specific style of attack, the one Dave just described, I really can’t.⁽¹⁾ And I donṥee good ways to avoid the danger.

Of course we may warn each other and I hope Dave’s video reaches many Youtubers. But being on a lookout is hardly a reasonable solution. Following good security hygiene certainly doesn’t hurt, but it’s not solving the problem.

Any ideas?

⁽¹⁾ It is still a contributing factor, but hardly the overwhelmingly important one.

[Haenk]

And I donṥee good ways to avoid the danger.

Don't click on stuff and questionable links.
Enable 2FA whenever possible, and for login, use auto-fill. (auto-fill might one day have security issues, but it protects you pretty well from fake login-sites for now)

[thm_w]

https://www.fiverr.com/brucevigna

[Bud]

Dude, after Haenk's warning on questionable links, how many people you expect to click on yours? 

[thm_w]

Dude, after Haenk's warning on questionable links, how many people you expect to click on yours? 

TLDC: Tons of actors on fiverr will read out your script for $5-50 on video. Easier than messing with AI, for now. The actor in Daves video is from fiverr.

[golden_labels]

Dude, after Haenk's warning on questionable links, how many people you expect to click on yours?

That depends on how many people watched Dave’s video before commenting on it, or read my post before replying to it. And how many notice the “warning” lacks relevance.

[.RC.]

Remember the good old days when all you had to worry about were dead Nigerian princes taking your money?

[hans]

Next up in AI: they generate 2 versions of the same clip, one straight faced like this, and 1 with the 'inspect my ear canal'-shot (which some fancy channels love to use for long talking head segments). I'm sure with some effort one could hide the 8sec clip fade in/out next time around.

But despite the AI stuff, the general pattern of scams still remains the same:

- They are not very direct in communicating what the specific problem is. "Refer to this" and then provide you a direct link.
- It is always (semi-)urgent. "Fix this in 7 days". C'mon, people take 3 weeks of holidays right around this time in the northern hemisphere. Large companies know that and will schedule big policy changes in months advance.
- The obvious sketchy domains and link shorteners.

[golden_labels]

Unfortunately “legit” companies do the same.

Vagueness: ✓. While often pointing to specific URLs or documents, it’s 20 pages of dense legalese and you need to find for yourself, what they’re referring to.

Sketchy domains and link shorteners: ✓. Not only from some small companies, but major players. Like sending an SMS with “click this” shortened URL, or mass mails from spam-company-14ufnb24.com. Most companies also lack their own domain, but use whichever “free” email provider is popular in a given country: company-name-1461(at)gmail.com is pretty normal.

The urgency: ✓. “your bill is due in 3 days, click this link,” unclear “we enabled a service on your phone” with a link to details, or “there is a problem with your shipping.”

There is a pretense of high security and teaching good practices, followed by completely ignoring all this and doing what’s easier and cheaper.