Email addresses of employees of large Russian companies have begun to be attacked by letters sent on behalf of the YouTube video hosting service. It is associated with a new way of earning money from Internet users, whom fraudsters attract with mass mailings of spam emails.
F.A.C.C.T., Russian developers of technologies to combat cybercrime, have discovered a number of such cases. Inside the messages is a discussion of a video with an offer of instant earnings through a large investment platform. Some recipients of such emails immediately blocked them, seeing that the email was too suspicious. Others, out of curiosity and a thirst for money, clicked on the link in the email and became victims of fraud.
By clicking on the link, the recipient of the email was faced with the need to enter a captcha (a set of symbols, letters or numbers that need to be entered in a field on the site, — editor's note) to confirm that he is not a robot.
Then the classic infoscam continues. After the captcha, we will be greeted by a script with a survey determining the financial situation, which will end with a form for entering personal data. Some time after filling out the form, a "specialist" will contact the potential "client", who will introduce himself as a personal manager and help the new client in opening an account and taking the first steps. All the money that the client transfers to this account in order to "start earning" will end up in the hands of fraudsters.
The fraudsters, using a number of accounts, act simply: they register a new YouTube channel and upload several videos there. They leave a comment under one of the videos from another account. From their third account, they respond to this comment, then close the possibility of commenting on the video. An email with a notification of a new comment, generated by YouTube with a correct DKIM signature, is already being mass-mailed to victims.
The danger of the mailing is that the letter contains a YouTube.com DKIM signature, which allows you to confirm its authenticity. Indeed, this is a genuine letter, compiled and sent by YouTube algorithms, but its content contains a link to potentially dangerous content. Of course, it is possible to recognize such a mailing. The fact is that emails from YouTube can be sent from a limited number of servers owned by Google. The sender's email address should always indicate this. In our example, the sender's email address had nothing to do with YouTube.
Such opportunities for fraudsters are not related to any vulnerability of the video hosting service. They just found a loophole in the completely legal algorithms of YouTube.
Cybersecurity experts note that there are a number of protective solutions that will block such suspicious emails. However, even with the most reliable and modern email protection systems, you should remember the rules of digital hygiene.
Read materials on the topic:
Russia and Belarus will eliminate a network of fraudulent call centers
Strike at pirates: Vladimir Putin signed a law blocking pirate "mirror" sites
Russian OS suspected of being heavily dependent on foreign developers