Summary

  • Scammers created an AI deepfake video of YouTube CEO Neal Mohan making an important announcement about monetization changes.
  • The video is being shared to creators as a private video, and includes a link.
  • YouTube says they never communicate via private videos and that this is a phishing scam, and warns users to not click on the link.

Scammers can be just as creative as the creators they attempt to scam. Case in point: the latest phishing attack that uses AI-generated deepfake videos of YouTube CEO Neal Mohan announcing monetization changes.

A collage of five images surrounding the word


Related


Google Veo: The ultrarealistic AI video generation tool explained

Close-ups, panning, and all the film-school tricks at your fingertips

YouTube released an official warning today about a fraudulent video shared privately with creators in an attempt to install malware and steal credentials. YouTube wants to remind everyone it will never send private videos to communicate platform changes. If you receive a video claiming to be from YouTube, it is a phishing attempt.

Here’s how the scam works

A screenshot of the deepfake private video message shared with a Redditor.

Source: Reddit

This latest phishing attack follows a similar pattern to other attacks we’ve reported on in recent months. It works like this:

  1. Creators receive an email or private message with a private YouTube video.
  2. The video features a deepfake AI-generated version of YouTube’s CEO, Neal Mohan, making an official statement about changes to the platform’s monetization policies.
  3. The message instructs users to click a link or download a file in order to ensure they continue to get paid.

Once the creator clicks the link, it’s game over.

Malware
is installed, credentials are stolen, and financial data is hacked. YouTube creators are frequent targets for scammers looking to exploit their accounts. They have large followings and are heavily dependent on that one single platform for their living, making it harder to immediately recognize the deception.

YouTube’s official warning to creators

YouTube wants to reinforce its policy against private video communications. The company issued a warning to all creators to watch out for this latest phishing attempt.

YouTube and its employees will never attempt to contact you or share information through a private video. If a video is shared privately with you claiming to be from YouTube, the video is a phishing scam. Do not click these links as the videos will likely lead to phishing sites that can install malware or steal your credentials.

YouTube said not to click on these links and to report such videos here.

You can avoid falling for this scam, and many others, by ignoring private videos that claim to be from YouTube, and to never click on links in unsolicited messages or emails. You should also report suspicious content through YouTube’s built-in tools.