YouTube Account Recovery Phishing
Phishing attacks against targeted channels have been successful in the past, as explained last year on ZDNet. Recently, our Remediation team found an interesting phishing page following a similar pattern that was targeting YouTube creators.
The phishing campaign, which was initially discovered on a compromised WordPress website, is made up of two pages responsible for harvesting and sending along the victim’s stolen username, password, and recovery phone number.
Simply knowing the account recovery phone number will not allow the attacker to bypass 2FA for accounts that have it enabled.