YouTube issued a warning about a sophisticated phishing campaign leveraging an AI-generated video of its CEO, Neal Mohan. This deceptive tactic aims to steal creators’ credentials and access their accounts.
The attackers distribute a private video via email, falsely claiming YouTube is altering its monetization policy. The email’s subject line and body often include a warning that YouTube would never contact creators via private video—a clever attempt to disarm suspicion. However, the video itself is a carefully crafted phishing scam.
YouTube’s official community website features a pinned post addressing the issue.
The post clearly states: “We’re aware that phishers have been sharing private videos to send false videos, including an AI generated video of YouTube’s CEO Neal Mohan announcing changes in monetization. YouTube and its employees will never attempt to contact you or share information through a private video. If a video is shared privately with you claiming to be from YouTube, the video is a phishing scam.”
The fraudulent video directs viewers to a malicious website (studio.youtube-plus[.]com).
Phishing landing page
Source: (BleepingComputer)
This site prompts users to “confirm the updated YouTube Partner Program (YPP) terms to continue monetizing your content and accessing all features” by logging into their accounts. This login process, however, is designed to capture their credentials.
Adding to the urgency, the scam threatens account restrictions—including limitations on uploading, editing, and receiving monetization funds—if creators fail to comply within seven days. Even after entering incorrect credentials, users are still redirected to a page claiming their channel is “pending.” This further emphasizes the malicious nature of the attack.
This phishing campaign, active since late January, prompted YouTube to initiate an investigation in mid-February. The company urges users to avoid clicking any links embedded in suspicious emails, as these often redirect to phishing sites designed to steal credentials or install malware.
YouTube also notes that, “Many phishers actively target Creators by trying to find ways to impersonate YouTube by exploiting in-platform features to link to malicious content. Please always be aware and make sure not to open untrusted links or files!”
Unfortunately, several creators have already fallen victim, with scammers hijacking their channels to broadcast live cryptocurrency scams. For guidance on avoiding and reporting phishing attempts, YouTube directs users to its help center.
Further details on similar phishing campaigns are also available. This incident highlights the increasing sophistication of phishing attacks and the need for heightened vigilance among YouTube creators and other online users.
Learn more about protecting yourself from similar attacks by reading our articles on Phishing Prevention Strategies and understanding the latest Top Cyber Threats Facing Enterprise Businesses in 2025.
