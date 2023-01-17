(SPOT.ph) YouTube users as of late have been receiving believable phishing links via their Google Drive. Masked as notifications of copyright strikes on their videos, this method modus underscores the countless ways scammers evolve to circumvent security systems and even human discernment.

The YouTube Google Drive scam

It’s set up like this: the owner of the YouTube account receives a warning via Google Drive that their videos are in violation of copyright guidelines. To the uninitiated, a copyright strike can result in the deletion of the video or demonetization of said upload, which can result in reduced income for the user.

Though similar phishing scams may have duped people this way, the latest wave boasts believable graphics, perfect grammar, and even an authoritative-enough-sounding sender name. The e-mail remains concealed, so users can’t judge based on that either.

Cybersecurity Researcher John Hammond tweeted about the issue as early as August 2022.

Users who have received the e-mail said that copyright claims are never sent via Google Drive and are often listed down in their YouTube accounts for a quicker overview of violations. A quick search on YouTube’s guidelines confirms that copyright strikes are addressed on YouTube’s interface and never on external platforms, even though Mail, Drive, and YouTube are all part of the Google ecosystem.

What now?

Not much is available on what happens after clicking as users were quick to grow suspicious over the matter, but the way the scam is built implies that the goal is to collect login credentials or gain access to YouTube channels. Anyone can get the hit, but most of the tweets discussing the issue came from YouTubers with a following. Even SPOT.ph’s own YouTube channel received a Drive notification.

The phenomenon is nothing new—as early as 2021, Google’s Threat Analysis Group has addressed security concerns such as cookie theft and malware related to YouTube and more as the world went fully online to keep safe against COVID-19.

Like most scams, the best thing to do is ignore it. Don’t click links, block and delete, and report to Google and YouTube.

