Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.


Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence


Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
News18 » Tech
1-min read

YouTube Vloggers are the Latest Target of Coordinated Phishing Attacks

Hackers used phishing emails to lure victims on fake Google login pages from where they collected users' credentials to hack their YouTube accounts.


Updated:September 24, 2019, 8:12 PM IST
YouTube Vloggers are the Latest Target of Coordinated Phishing Attacks
Imagr for Representation

YouTube creators, particularly in the auto-tuning and car review community, have become the target of a massive wave of account hijacks, a media report said. The account hacks are the result of a coordinated campaign where hackers use phishing emails to lure victims on fake Google login pages from where they collect users' account credentials, an investigation by ZDNet found. The attacks appear to have affected creators from India as well, as Twitter is flooded with complaints about missing channels from YouTube.

"I am a subscriber & also a big fan of his work #Musafirakajoshi and Somebody hacked my brother Rahul Joshi's YouTube channel #Musafirakajoshi @YouTubeIndia Please get in touch with him as soon as possible. @YouTubeIndia And bring his channel back as soon," wrote one Twitter user.

"The recent phishing attacks on YouTube are an escalation of a classic scheme, in which users are lured to fake login pages, where they enter legitimate credentials. Cybercriminals are always looking for the weakest link in the cybersecurity protecting valuable assets; in this case, it was users," Jonathan Knudsen, Senior Security Strategist at Synopsys Integrity Group. According to a YouTube video from Life of Palos uploaded over the weekend, hackers were capable of bypassing two-factor authentication on users' accounts. Hackers targeting YouTubers might have used Modlishka, a reverse proxy-based phishing toolkit that can also intercept 2FA SMS codes, he suggested.

The best proactive defence against such attacks is education. With the right knowledge, fewer users would have fallen victim to these attacks. "While SMS 2-factor authentication is better than no second factor, this incident is still a reminder of its weaknesses which is why NIST stopped recommending its use back in 2016," said Bill Lummis, Technical Program Manager at HackerOne. "It is important that the industry moves towards newer tools such as time-based One-time Password (TOTP), which recycles numbers every 30-90 seconds on a physical device, or Universal 2nd Factor (U2F), such as Yubikey, given that, attacks such as this will only become easier to execute over time," Lummis said.

Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.

| Edited by: Chhavianshika Singh
Read full article
Next Story
Next Story

Also Watch


Live TV

Countdown To Elections Results
To Assembly Elections 2018 Results