Have you heard of Youtube cryptocurrency scam giveaway? Sure there are lots of Youtube channels that got hacked lately and used to scam anyone, mainly its subscribers, daily viewers, and biking viewers wandering around Youtube who may believe those lies.
And mostly it's related to cryptocurrency due to its aspect of being anonymous; hackers won't get easily captured by authorities because they weren't revealing anything personal such as names, email, or address. Also, due to its fast earning method, but don't get me wrong investing in cryptocurrency is a ratio of 50:50 of win or loss, but most people get dumped and lost their funds by following wrong decisions and wrong people.
What those scammers usually do is buy a ton of Youtube views as explained in this guide. That gives them a certain amount of credibility which makes it easier to fall prey for their scam.
Back to the topic.
Their way of scamming is, first; they will find a target. A Youtube channel with thousands or even millions of subscribers, especially a verified account with a verification checkmark next to the YouTube channel's name. Once they get access to this channel using different ways of hacking, including social engineering, hackers will change the channel's name to a famous person, influencer, a wealthy business guy, or a renowned company that will look legitimate. And will broadcast a Youtube live and offers fake giveaway e.g. "Send 0.1 BTC to this wallet address, and we will send 0.5 BTC back" seems legit, right? *insert sarcasm. This scam giveaway looks like the screen captured below from Youtube.
Take note, be suspicious of too good to be true offers, most of them are scam.
If you're one of the Vloggers on Youtube or you are the person-in-charge to manage the YouTube channel of your company. I'm sure you don't want to become one of the victims of these malicious people. To secure your YouTube channel, we encourage you to take these four simple steps:
Create a strong password
And do not share. A secure and strong password is a combination of upper and lower case letters, numbers, and special characters. Don't ever use an obvious password identical to your email, name, and birthday, GF/BF, or wife/husband anniversary.
Having a strong password will make your account too hard to hack at least for brute force and dictionary attack. And do not ever share your passwords with anyone.
Enable 2-Step Verification
An extra layer of security of your account, you need to enable this on your Google account. This works as each time you log in, you will receive a verification code from Google to your registered mobile number or to your other device where your account is currently login.
You can't log in if you enter a wrong verification code, does to anyone who has a copy of your password.
Remove access to your YouTube Channel
YouTube channels can be managed by two or more users, especially a company or a brand; even as an individual, you can add access to your other Google account. You should check this regularly. On your Youtube account, under the Settings on your dashboard, check if they’re correct, as this determines who has access to your YouTube channel. Make sure not to reveal any sensitive information by making all highly personal videos private.
Avoid Phishing and Malware scams
For more information, there are different kinds of phishing attacks. This includes using email, SMS messages, phone calls, etc. But one thing in common of this attack is you will be lured to enter your account log in information such as your username, email, password, worst is your credit card, or bank account information using a mobile app or a website.
How to avoid this?
First, ask yourself, why?
Why you received a message from Youtube or the same from Google, Facebook, your bank, or the websites you're registered? After this question, I'm sure you need an answer, but don't ever click any links embed on the message yet.
More to read: beware of Viralyft.
So, second, if you received a message using your email, check the email if the domain name is really from their official website.
Now, if the attacker uses email spoofing in which the sender address looks the same as the original, which is it hard to recognize then.
Third, go their social media accounts such as Facebook, Twitter, or Instagram, make sure it's the official account by checking the verified badge. Check if there's a post regarding the message you received, verify it on your own.
If you think that the message you received is phishing, you should report it to their website or social media accounts so that they will be aware and take necessary action against the attack and mark the email as spam.
No matter what account you're registered on, always verify the legitimacy of the message you received from email, SMS by going to their website or social media accounts to avoid being hacked. Observe the URL address on the message if it's truly the domain of the website. Be skeptical of link shorteners. And lastly, avoid clicking links attached, just copy the link, and search it on Google to verify.