Kaspersky is highlighting the surge in attempts to access phishing resources mimicking Google services. In January 2023, experts witnessed a 189% increase in attempts worldwide, (compared to December 2022), with the trend set to continue in February. Such phishing pages are designed to lure unsuspecting users into giving up their login credentials, allowing attackers to gain access to multiple users and accounts within a company’s ecosystem.
Because it allows them to quickly accomplish their objectives, scammers are particularly interested in using Google’s YouTube video hosting platform. When an attacker logs into the account of a well-known vlogger, they alter the background and profile picture before starting to broadcast their videos, according to Kaspersky.
A video was created to promote cryptocurrencies, which featured Elon Musk and utilized an existing stream. The goal of the video was to convince viewers to scan a QR code displayed on the screen. However, one of the links in the code directed users to a fraudulent website that claimed to be hosting a cryptocurrency raffle. This posed a threat to the users’ money and personal information.
Roman Dedenok, a security expert at Kaspersky said “Phishing attacks continue to evolve and become more sophisticated, with cybercriminals exploiting popular online services like Google to trick users into giving up their personal information. The rise of malicious exploitation of video content, as seen in this recent crypto scam on YouTube, adds another layer of deception, making it even more difficult for users to distinguish between what’s real and what’s not. It’s essential users take proactive steps to secure their accounts and data, such as using strong passwords, two-factor authentication, and reliable security solutions.”
To stay protected from such threats, Kaspersky experts also recommend:
• Use strong and unique passwords: Create strong and unique passwords for each of your accounts, and avoid using the same password for multiple accounts. Use a combination of uppercase and lowercase letters, numbers, and symbols to create a password that’s difficult to guess.
• Set up two-factor authentication: By requiring a second form of identity in addition to your passwords, such as a code sent to your phone or an authentication app, two-factor authentication adds a layer of security to your accounts.
• Be cautious of suspicious emails and messages: Don’t click on links or download attachments from unknown senders, and be wary of messages that ask for your login credentials or personal information.
• Use security solution: To shield your device from malware and phishing assaults, install a trusted security programme, such as Kaspersky Premium. Run frequent scans and maintain the software up to date.
• Verify the authenticity of sources: Verify the authenticity of websites and sources before clicking on links or entering any personal information. Be wary of suspicious-looking websites or unfamiliar domains.