Social engineering campaigns use deception to trick web users into disclosing personal information that can be used for fraudulent purposes, through techniques such as phishing, whaling, and pharming.
Google’s Threat Analysis Group (TAG) has disclosed that it is tracking a group of hackers, recruited in a Russian-speaking forum, who lure their targets with fake collaboration opportunities in order to hijack their YouTube channels, and then either sell the channels to the highest bidder or use them to broadcast cryptocurrency scams.
Because many YouTube creators list an email address on their channel so they can be contacted about opportunities, the attackers forge business emails that impersonate an existing company and request a collaboration.
How Do Attackers Use Social Engineering to Hijack YouTubers' Accounts?
Typically, the phishing starts with a customized email in which the company introduces its products. If the target agrees to the deal, a malware page disguised as a software download URL is sent by email or in a PDF or, in some cases, in Google documents containing the phishing links.
The attackers registered several domains associated with the forged companies and built multiple websites for malware delivery. According to TAG, at least 1,011 domains were created solely for this purpose; some of the websites were clones of legitimate software sites, such as Cisco and games on Steam, while others were generated using online templates.
The researchers identified around 15,000 actor accounts, most of which were created specifically for this campaign. The hackers also employ another technique, known as a 'pass-the-cookie attack': a session hijacking technique that gives whoever holds the session cookies stored in the browser access to the user's accounts.
Though the technique has been around for some time, its resurgence could be due to the wider adoption of multi-factor authentication (MFA), which makes it difficult for attackers to break into accounts, hence the shift to social engineering tactics.
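For services that issue session cookies, one way to spot a replayed cookie is to compare the client context it is presented from with the context it was first seen in. The sketch below is an added example, not part of the TAG report or the original article; the log format, the function names and the "network prefix plus user agent" fingerprint are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample of web-session log records (not from the TAG report):
# (ISO timestamp, session cookie id, account, client IP, user agent)
SAMPLE_EVENTS = [
    ("2021-10-20T09:00:00", "sess-A1", "creator@example.com", "203.0.113.10", "Chrome/94 (Windows)"),
    ("2021-10-20T09:05:00", "sess-A1", "creator@example.com", "203.0.113.57", "Chrome/94 (Windows)"),
    ("2021-10-20T09:20:00", "sess-A1", "creator@example.com", "198.51.100.7", "Firefox/93 (Linux)"),
    ("2021-10-20T09:21:00", "sess-A1", "creator@example.com", "198.51.100.7", "Firefox/93 (Linux)"),
    ("2021-10-20T10:00:00", "sess-B2", "editor@example.com", "192.0.2.44", "Safari/15 (macOS)"),
    ("2021-10-20T10:30:00", "sess-B2", "editor@example.com", "192.0.2.45", "Safari/15 (macOS)"),
]


def client_context(ip, user_agent):
    """Coarse client fingerprint (an assumption): network prefix plus user agent.

    Using the /24 (IPv4) or /64 (IPv6) network tolerates normal address
    churn inside one network while still catching a cookie moved elsewhere.
    """
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    network = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return (str(network), user_agent)


def find_cookie_replay(events):
    """Flag sessions whose cookie is presented from a context other than
    the one it was first seen in (assumed here to be the login)."""
    bound = {}        # session id -> context recorded at first use
    reported = set()  # (session id, context) pairs already alerted on
    alerts = []
    for ts, session_id, account, ip, user_agent in sorted(events):
        context = client_context(ip, user_agent)
        original = bound.setdefault(session_id, context)
        if context != original and (session_id, context) not in reported:
            reported.add((session_id, context))
            alerts.append({"time": ts, "session": session_id, "account": account,
                           "bound_to": original, "seen_from": context})
    return alerts


if __name__ == "__main__":
    for alert in find_cookie_replay(SAMPLE_EVENTS):
        print(alert)
```

A hit is a signal to force re-authentication for that session, not proof of compromise, since users legitimately change networks and update browsers.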
How to Mitigate Social Engineering Attacks?
As threat actors become more sophisticated in their attacks, it is important that web users remain aware of the types of threats and take appropriate steps to further protect their accounts.
Most importantly, they need to activate multi-factor authentication, which provides an extra layer of security for the account in case a password is leaked or stolen. They should also enable the “Enhanced Safe Browsing Protection” mode in the Chrome browser, a feature that increases warnings on potentially suspicious web pages.