(PSA) A warning to YouTube creators, scammers have worked out an almost fool proof method of phishing your account

[WkdPaul]

5 minutes ago, FloRolf said:

So what exactly is the scam? They send me an email or whatever, saying I have to delete my account because of a violation? And if I don't, they will? 

Then why should I do it? 

They contact you saying you have duplicate AdSense account and that if you don't correct it your YT channel will be suspended.

 

I posted another screenshot that give a bit more context, maybe it should be added to the OP ;

 

 

[Shreyas1]

5 hours ago, RejZoR said:

And why would Google/Youtube ask you to delete the account yourself when they can literally do that directly since they are the people who provide this service? You have to really be monumentally stupid to do it yourself. My first question would be WHY?! and after that "If I'm in any violation, then do it yourself lol, you are the service provider and you have the control". People really are naive.

Its a lot easier to make this comment in retrospect when you already know its a scam. In the moment, maybe even depending on mental state, I can imagine quite a few people would fall for it

[RejZoR]

4 minutes ago, Shreyas1 said:

Its a lot easier to make this comment in retrospect when you already know its a scam. In the moment, maybe even depending on mental state, I can imagine quite a few people would fall for it

No it's not. The fact "Google" was asking me to delete it was such a massive red flag I could spot it in the middle of the night while being half asleep. They can pull any string or delete anything and they'll be asking ME to do it on their behalf? LOL? Are you kidding me?

[MageTank]

5 hours ago, Mark Kaine said:

I dont read my emails so now what?

 

 

You and me both, brother. How I am still employed is a miracle, but at least I am scam-proof?

[WkdPaul]

4 minutes ago, RejZoR said:

No it's not. The fact "Google" was asking me to delete it was such a massive red flag I could spot it in the middle of the night while being half asleep. They can pull any string or delete anything and they'll be asking ME to do it on their behalf? LOL? Are you kidding me?

Youtube doesn't have 100% power over everything, especially not AdSense accounts, and that's what those scammers were targetting ; AdSense account linked to his channel.

 

If you're interested in the complexity and BS that can go wrong with an AdSense account, lookup the vtuber Nuxanor and him being unable to access the money in his AdSense account and YT being unable to directly help him.

[RejZoR]

2 minutes ago, wkdpaul said:

Youtube doesn't have 100% power over everything, especially not AdSense accounts, and that's what those scammers were targetting ; AdSense account linked to his channel.

 

If you're interested in the complexity and BS that can go wrong with an AdSense account, lookup the vtuber Nuxanor and him being unable to access the money in his AdSense account and YT being unable to directly help him.

That's just monumental stupidity of Google on display yet again then. It's shit like this why I don't want anything to do with Google and exactly the reason I dumped them entirely. They have insight into everything, but magically can't do shit when they should be able. Usually when it's user's loss. If it was my case I'd say fix your shit as it's literally their problem. Then again I don't depend on stupid AdSense so it's easy for me to say I guess. It's still my stance in general. If I know I'm not in the wrong I'll demand action from company demanding shit, not me doing their stupid work. Which would mean in this case that scam just wouldn't work.

[Fasterthannothing]

6 hours ago, RejZoR said:

And why would Google/Youtube ask you to delete the account yourself when they can literally do that directly since they are the people who provide this service? You have to really be monumentally stupid to do it yourself. My first question would be WHY?! and after that "If I'm in any violation, then do it yourself lol, you are the service provider and you have the control". People really are naive.

Exactly the stupidity of someone following this is astronomical. This isn't some gold standard social engineering it's not even aluminum foil plated. This is just people failing to verify anything. I would be sending an email to Google to confirm before I touched anything. Its just like when someone calls claiming to be from your bank you hang up and call you bank directly. If it's real they will know what your talking about otherwise it's a scam.

[WkdPaul]

1 minute ago, RejZoR said:

That's just monumental stupidity of Google on display yet again then. It's shit like this why I don't want anything to do with Google and exactly the reason I dumped them entirely. They have insight into everything, but magically can't do shit when they should be able. Usually when it's user's loss. If it was my case I'd say fix your shit as it's literally their problem. Then again I don't depend on stupid AdSense so it's easy for me to say I guess. It's still my stance in general. If I know I'm not in the wrong I'll demand action from company demanding shit, not me doing their stupid work. Which would mean in this case that scam just wouldn't work.

Yeah, Google and YT in general are fucked in so any ways.

 

Off-topic ;

The whole situation (about the vtuber) was ridiculous, he basically became available for AdSense when he was on vacation, he activated the account but what he didn't know was that meant it was locked to the country the account was activated, not his country of residence or the country his Google account was created.

 

As such, Google wouldn't transfer the money to another country than the one the AdSense account was in. So he made a bank account in that country and tried to have the money transferred but the country decided it was suspicious activity and locked the transfer and the bank account. He went through lawyers and accountant but couldn't get this fixed, and by the time he realized his only option was to delete the AdSense account and create a new one, he had hundred of thousands of dollars in there ... that he had to declare and pay tax on ...

 

Years later (yes, 4 years exactly) he was able to get access to the money through a contact at Google, but it was completely unofficial.

 

 

On-topic ;

With that said, not sure how that guy was convinced to delete his channel, because last I checked, your AdSense account is "linked" to your YT account, and changing the AdSense account is something that's possible without deleting your YT account!

[Distinctly Average]

7 hours ago, Master Disaster said:

This is blowing up on YouTube ATM, I'll begin with a tweet that should show just how sophisticated this scam is...

 

Essentially the scammers have worked out a method of sending people emails that are originating from a genuine Google domain making them indistinguishable from authentic Google emails.

 

Details are a bit thin ATM but it seems as though the scammers are bouncing the emails through Google Chat and when they arrive in your inbox they look like they've come from Google (because they basically have). Then once you click the link provided it actually opens a session in Google Chat making it seem even more believable that you're really talking to Google.

 

Some Ordinary Gamers also received the email and was in the process of chatting to the scammers when he noticed the email of the person he was chatting to had an @account-support.com domain on their email.

 

If you receive an email from Google saying

its a scam. Ignore it.

 

Source -

 

Not the first time I have seen this. About three years back a popular YouTuber in the cycling trials world had the same. Been happening for years now.

[leadeater]

41 minutes ago, wkdpaul said:

lookup the vtuber Nuxanor

One of us, one of us, one of us 

 

So wholesome.

[Master Disaster]

58 minutes ago, wkdpaul said:

They contact you saying you have duplicate AdSense account and that if you don't correct it your YT channel will be suspended.

 

I posted another screenshot that give a bit more context, maybe it should be added to the OP ;

 

 

Please feel free to add it, I'm away from home for the next few hours and I only have my mobile so editing a post is a PITA.

[wanderingfool2]

30 minutes ago, SlidewaysZ said:

Exactly the stupidity of someone following this is astronomical. This isn't some gold standard social engineering it's not even aluminum foil plated. This is just people failing to verify anything. I would be sending an email to Google to confirm before I touched anything. Its just like when someone calls claiming to be from your bank you hang up and call you bank directly. If it's real they will know what your talking about otherwise it's a scam.

"Send an email to Google"...what I have a problem with is people throwing around the word stupid for him falling for this.  Saying that he should have contacted Google is wishful thinking.  So in your infinite wisdom tell me, where are you suppose to email at?  Also, having AdMob limited I can say they don't offer any real way to contact (and the formatting was eerily similar) [story below].  As a note, this literally is pointing them towards Google Chat, at which point they would see the "YouTube Support" still.  It's like hanging up the phone and "dialing" your bank, but the scammers kept the line open.

 

1 hour ago, RejZoR said:

No it's not. The fact "Google" was asking me to delete it was such a massive red flag I could spot it in the middle of the night while being half asleep. They can pull any string or delete anything and they'll be asking ME to do it on their behalf? LOL? Are you kidding me?

Wording can be such a key thing.  There is a difference between Google "deleting"/"suspending" than you willingly taking down your channel.  It's similar to how in the old days if you uploaded a youtube clip and youtube would ask if you wanted to publish to video (if it detected copyrighted material).  You could either, unpost it or continue (with the concept that if you continue and there is a copyright complaint you would be in more trouble).

 

My AdMob has been "flagged" in the past for unusual activities (one of my Apps had gotten 1,000 new downloads in a week and was generating a decent amount of ad views...but that's because it was what I assume to be a bot farm that did it, not sure why my app).  I received an email that admittedly was very similar to this...beginning bit of an official email I got from Google

Quote

Hello,
Google is working hard to ensure an ads ecosystem that protects advertisers, publishers and users from fraud and bad ad experiences. As a result of this, some AdMob accounts may have a temporary limit placed on the number of ads they can show while we get to know the publisher and assess their traffic quality. A temporary ad serving limit has been placed on your account.

In it is a link to the "policy center".  Naturally I logged into AdMob (not through any links), and finally figured out it was true [went down to making cents each month instead of dollars...albeit it is just a hobby, but one that makes a few hundred a year for not publishing any new Apps for a few years].  No way to contact or appeal in this case, and their " typically impacts publishers for less than 30 days" turned into 3 months of waiting.  They had also suggested in the automated reply "corrective measures", which I didn't do because it wasn't anything I was already doing.

 

So I can understand how someone could fall for this, and I do place a decent amount of blame on Google for not distinguishing the fact that it was coming from an user and not a support team.

  

2 hours ago, wkdpaul said:

No offence, but the email under "youtube support" would've made me leave without replying. As a sys admin, that's stuff I always tell users to look out for.

I just tried messaging myself (from a different email)...and at least the browser form of accessing chat via gmail.com did not show the email address; just my name.  This really does not sit with me well, there is very little excuse to not have a system in place to make it easier to identify scammers.  They literally take away the ability to by not displaying it (aside from going to chat.google.com) I cannot quickly and easily find a way to make it display the email address associated with it...so if he accessed it the way I am currently accessing it, it would literally just say YouTube Support.

 

 

[WkdPaul]

4 minutes ago, wanderingfool2 said:

I just tried messaging myself (from a different email)...and at least the browser form of accessing chat via gmail.com did not show the email address; just my name.  This really does not sit with me well, there is very little excuse to not have a system in place to make it easier to identify scammers.  They literally take away the ability to by not displaying it (aside from going to chat.google.com) I cannot quickly and easily find a way to make it display the email address associated with it...so if he accessed it the way I am currently accessing it, it would literally just say YouTube Support.

I know, but doing something that serious shouldn't be done on the fly while on your phone. The desktop version always have more information and taking care of something like this shouldn't be done in urgency (scam 101 is they try to make it an urgent matter so that people are unsettled and make a bad decision in their favor).

 

While that might sound like "hindsight is 20/20", that's something that should be a given, especially for someone that run a channel about scammers. As a sys admin I often have to use my phone when emergencies arise, but it's only for communications and I would NEVER manage anything through my phone even if I have access.

[DrMacintosh]

Really helps to keep in mind the kind of interaction you as a user has with a tech company. As soon as anyone online asks you to take action for them…especially if that someone is Google, you have to ask, why? Especially if there urgency involved. Nothing is urgent. Jim Browning even said that himself. 
 

I’ve personally witnessed increasing uses of seemingly genuine email domains/addresses and indistinguishable emails in scam attempts. It’s unfortunate but people are going to have to learn to not fall into traps like this. 

[Kisai]

15 minutes ago, wanderingfool2 said:

 

I just tried messaging myself (from a different email)...and at least the browser form of accessing chat via gmail.com did not show the email address; just my name.  This really does not sit with me well, there is very little excuse to not have a system in place to make it easier to identify scammers. 

 

This is why "minimizing" names, urls and such forth is such a liability. One of the reasons link shorteners kinda stopped being a thing, because it allowed scams and phishing to not be picked up, and likewise twitter actually retrieves linked data rather than the short link.

 

What needs to happen is that the email address should ONLY be shown untill they are in your contact list, not to automatically add people to your contact list. If someone is in your contact list, then change the color and show the full name as YOU entered it on the contact list and which email they contacted you from.

 

[Pickles von Brine]

Fuck me. That is some scary shit. 

[wanderingfool2]

6 minutes ago, wkdpaul said:

I know, but doing something that serious shouldn't be done on the fly while on your phone. The desktop version always have more information and taking care of something like this shouldn't be done in urgency (scam 101 is they try to make it an urgent matter so that people are unsettled and make a bad decision in their favor).

 

While that might sound like "hindsight is 20/20", that's something that should be a given, especially for someone that run a channel about scammers. As a sys admin I often have to use my phone when emergencies arise, but it's only for communications and I would NEVER manage anything through my phone even if I have access.

That wasn't through my phone.  That is literally using my desktop computer and going to www.gmail.com.  The mobile version actually shows my email.

 

Overall this is horrible design by Google (interface design, and general practices).  If Google didn't send out weird emails like this, if Google didn't set time limits on some required responses, if Google didn't have practices of shutting down people's AdSense for no reason (or explanation), or if Google actually identified user generated content (and more importantly didn't allow their own chat to have names like YouTube Support, without identifying the email).

[Mark Kaine]

2 minutes ago, wkdpaul said:

While that might sound like "hindsight is 20/20", that's something that should be a given, especially for someone that run a channel about scammers.

That is the only thing that "bothers" me… like dude, how did he fall for this? But i understand mistakes are made, its just a weird first impression of someone who's supposedly an expert and doesnt make me particularly interested in his 'expertise' …for some reason. 

 

 

5 minutes ago, wkdpaul said:

As a sys admin I often have to use my phone when emergencies arise, but it's only for communications and I would NEVER manage anything through my phone even if I have access.

i learned in many situations, if something doesnt work or simply doesnt display when it should , switching to "desktop mode" actually  makes it work… but i do often forget about this regardless, but its also just bad design… i get a mobile website cant necessarily display *all* options, but there still should be some hints that you're actually  missing some information / options…

 

BTW, i googled (lol) isnt this case pretty much related to this?

 

 

and also btw, they very much do this, which i mentioned earlier… they really need to stop doing this (asking for your password *unsolicited*) for any reason… if there is suspicious activity then *tell me* and not just send me a link where i have to possibly expose my password (if Im not already logged in, which isnt a given at all times obviously)

 

 

 

-->

 

 

 

 

like literally  wtf, just to tell me I dont have a "lockscreen"?? 

[WkdPaul]

5 minutes ago, wanderingfool2 said:

That wasn't through my phone.  That is literally using my desktop computer and going to www.gmail.com.  The mobile version actually shows my email.

I assumed you were on mobile, but yeah, this looks like Hangout on Gmail.

 

BTW, the email is totally visible, simply over your mouse over the user's icon.

 

Again, seems like he missed the scammers' domain, it happens, but let's not pretend this is a sophisticated attack, as others have pointed out, there are multiple red flags and confirming who you're talking to should be at the top of the list when you're starting a chat discussion like this.

[SolarNova]

I have avoided issues like this in the past with a simple and thus far surefire method to check for authenticity.

 

If an email requires you to take action on an account, for what ever service, if once separately logging into said account manually (not links) the account has no notices present in the account screen,then the email is fake.

Modern account services usually leave notices on the account page itself if something is amiss.

 

For very important services, like bank services, ill only consider letters, and even then I'll phone to talk directly using a pre-existing known number.

 

Long story short and if ever in the slightest doubt, dont reply or otherwise contact the services via links or other methods provided by the email/letter/caller even fi they look legit...just contact the service via a method already known to you.

 

Seems like this guy just had a bad day and cocked up by reply instantly via a method provided to him by the people who contacted him. A basic mistake, one thats cost him (hopefully temporarily) but a lesson for others atleast.

[wanderingfool2]

  

14 minutes ago, wkdpaul said:

I assumed you were on mobile, but yeah, this looks like Hangout on Gmail.

 

BTW, the email is totally visible, simply over your mouse over the user's icon.

 

Again, seems like he missed the scammers' domain, it happens, but let's not pretend this is a sophisticated attack, as others have pointed out, there are multiple red flags and confirming who you're talking to should be at the top of the list when you're starting a chat discussion like this.

My current setup isn't really show it, had to switch browsers...likely has to do with the fact that the formatting/scaling is pushing the hangouts chat portion half-off the page.

 

Not denying that there were red flags and this was in general an unsophisticated attack, but saying there were red flags doesn't excuse the way Google has implemented things.  The email could potentially have been mostly hidden away, Google allows an no-reply@google.com email to come through with user inputted text without specifying it, Google allows people to sign up for their service with YouTube Support without flagging it.

 

I get that there isn't any way to fully prevent legit looking emails, and that some things will always slip through the cracks...but Google has goofed by their own policies.  Again, I've received an official email from Google that is very similar (and even in the email it mentions threats of termination [and maybe banning I forget and can't look it up] from the service if the automated review determines I'm in non-compliance).  If he has received similar things in the past like this, I can understand how he might think it's legitimate...especially when within gmail.com it pops up with "YouTube Support" (after receiving an email from no-reply@google.com).

 

This kind of spam could easily have been avoided if Google showed the email address prior to communication.  Sometimes people have off days, but I think this really highlights the fact that Google and other email providers should be trying to make it easier to identify scammers (instead of doing things such as just showing the from field's name instead of email)

 

[demonix00]

11 hours ago, Master Disaster said:

looks like he missed the scammer's domain when chatting with him ;
 

 

Screenshot in case the Tweet get deleted ;
 

  Hide contents

 

And for anyone who hasn't done a whois check yet, here are the numbers

 

Domain is 31 days old

All contact data is redacted via proxy protection LLC.

Domain registrar is dreamhosts and uses their servers (considering google has their own servers and such, they wouldn't use a third party)

[Brooksie359]

10 hours ago, Avocado Diaboli said:

Apparently, he falls for scams where people tell him "Dude, you need to, like, totally delete your YouTube channel, right now. Trust me, I'm from Google." This is obviously paraphrased nonsense, but essentially what he describes. He was convinced by someone to delete his channel. He didn't mention what it took to delete it, but what possible explanation would even convince you to do something like that?

 

I know what Browning does, but you clearly didn't understand what the point of my comment was, which was that appealing to authority doesn't absolve him in this case from having fallen for an obvious scam. Just because he exposes scammers doesn't somehow make this any less stupid on his part and no doctorate is going to change that.

I usually would give them the benefit of the doubt. It would be a huge assumption that it was an obvious scam unless whe had all the info including the conversation. Sure us knowing it's a scam can go and point out flaws and say it's obvious but I would say that if you didn't go in thinking that then perhaps it's less clear. I mean the scam didn't have many flaws to it so if you just happened to overlook them then it's pretty easy to fall for. 

[TheMcSame]

11 hours ago, RejZoR said:

And why would Google/Youtube ask you to delete the account yourself when they can literally do that directly since they are the people who provide this service? You have to really be monumentally stupid to do it yourself. My first question would be WHY?! and after that "If I'm in any violation, then do it yourself lol, you are the service provider and you have the control". People really are naive.

Yep...

 

Also the fact that 'Youtube support' is using a Google logo for their picture rather than the Youtube logo is a bit of a flag in my eyes. Like, sure, Google owns Youtube. But if you were talking to Chevy customer support, would you expect the GM logo or the Chevy one?

[Quackers101]

16 minutes ago, valdyrgramr said:

I mean I don't see how he fell for it when there's a few red flags.  One, it says that it's youtube@creator-partners.com.   That alone is enough to make you question, or should, if it really is legit.  Secondly, there was no solid proof of the second account mentioned from what I saw.   I would have just laughed and reported them.

in google chat maybe, but in the email it was @google.com if I'm not mistaken and maybe didn't care to look into the other parts like google chat etc.