YouTube Account Recovery Phishing

Phishing attacks against targeted channels have been successful in the past, as explained last year on ZDNet. Recently, our Remediation team found an interesting phishing page following a similar pattern that was targeting YouTube creators.

Phishing Behavior

The phishing campaign, which was initially discovered on a compromised WordPress website, is made up of two pages responsible for harvesting and sending along the victim’s stolen username, password, and recovery phone number.

Simply knowing the account recovery phone number will not allow the attacker to bypass 2FA for accounts that have it enabled.

Continue reading YouTube Account Recovery Phishing at Sucuri Blog.