YouTube Warns of AI-Generated CEO Video Used in Phishing Scam

News 12 Mar 2025

YouTube has warned users of a phishing scam in which the attackers leverage YouTube CEO Neal Mohan’s AI-video to steal creators’ credentials. The attackers send the video via private message about crucial updates concerning YouTube’s monetization policy. This is the malicious trick for tricking the content creators into providing their login credentials, risking hijacking and unauthorized access to monetized videos.

How the Scam Operates

The attackers make it urgent by claiming that creators must adhere to new monetization policies within seven days or they will lose access to basic features like uploading, editing, and getting monetization payments. The email asks the recipients to log in to verify their compliance.

After the user inputs their credentials, they are tricked into believing their channel is being reviewed. They are requested to open a file in the video description for further information. The link, however, directs them to a phony site (studio.youtube-plus[.]com) intended for login details theft. Even when users input invalid credentials, the website misleadingly informs them that their channel is “pending,” which adds to the believability of the scam.

YouTube’s Official Warning

YouTube has pinned an official notice in the community forum, which reads:
YouTube and its staff will never reach out to users through private videos.
Any private video from YouTube is likely a phishing scam.
Authors should never click on dubious links in emails.

Ironically, the phishing mail alerts users that YouTube will never disclose information through private videos, so the scam looks more convincing. The scammers exploit the existing security messages on YouTube to look more compelling and have better chances of succeeding.

Ongoing Investigation & Security Measures

The phishing campaign kicked off in late January, and in mid-February, YouTube started looking into it. Several creators have been targeted, with hackers taking over their channels to stream cryptocurrency scams. Upon being hijacked, these channels send out more malicious content, enticing more unsuspecting victims to fall for similar scams.

To counter such attacks, YouTube provides security tips in its Help Center and has a support assistant to assist creators in recovering hacked accounts, a feature launched in August 2024. The platform continues to scan and delete fake accounts and phishing attempts to safeguard its creator community.

How to Stay Safe

Do not click on unfamiliar links in emails.
Turn on two-factor authentication (2FA) for extra security.
Report suspicious messages to YouTube right away.
Update passwords frequently and employ one-of-a-kind credentials for various platforms.
Confirm official YouTube notifications via the platform’s official support website.

As phishing methods continue to advance, being careful is essential in keeping your channel and content safe from cyber attacks. With AI-driven scams now more realistic, creators need to exercise caution and take proactive security steps to secure their accounts and digital properties.

OpenAI Unveils GPT-4.5: A Step Forward or a Placeholder for GPT-5?