YouTube Warns Creators of AI-Powered Phishing Scam Using Deepfake CEO Videos

YouTube has issued an urgent warning to content creators about a highly advanced phishing campaign using AI-generated deepfake videos of CEO Neal Mohan to steal login credentials. The scam, first detected in late February 2025, begins with an email from [email protected], claiming a private video about monetization policy updates has been shared. Clicking the link redirects users to a fake “YouTube Creators” page hosting a deepfake video of Mohan, which instructs creators to log in to a phishing domain disguised as YouTube Studio. Once credentials are entered, attackers harvest Google account details, session cookies, and even two-factor authentication (2FA) codes, enabling full account takeover.

Compromised accounts are then used to spread scams, such as fraudulent cryptocurrency schemes, to subscribers. In some cases, malware like Lumma Stealer is deployed to steal sensitive data or establish remote access. YouTube has pinned a warning on its Community Forum, stating, “It will never attempt to contact you or share information through a private video. If a video is shared privately with you claiming to be from YouTube, the video is a phishing scam.” To combat the threat, YouTube advises creators to report phishing videos, revoke compromised session cookies, and enable hardware-based 2FA. The platform is also working with cybersecurity firms to blacklist phishing domains and purge fraudulent channels.

This campaign highlights the growing use of AI deepfakes in social engineering attacks, with over 200,000 creators targeted globally. As phishing tactics evolve, YouTube urges creators to stay vigilant, verify URLs, and avoid unsolicited attachments to protect their channels and audiences.

Source.