Emerging Threats

Symantec discovery finds that phishers are creating YouTube channels to document their attacks

Authored by a Symantec employee


Symantec recently discovered a phishing site for Amazon.com, which didn't seem out of the norm, at first. However, when taking a closer look at the HTML source code, an interesting comment from the attacker was uncovered. The "brag tag," found details that consisted of the name of the scam, "Scama Amazon 2016,” along with the attacker's name, website, and even a YouTube channel.

Upon investigating Code nour, the phisher's YouTube channel, it was found that it has only five subscribers, and most of the videos have fewer than 100 views at the time of writing. While not many people subscribe to the channel or watch the videos, the few that do are keen and enthusiastic. The videos on the channel show walkthroughs of the phisher's convincing-looking phishing kits.

Code nour isn't the only phisher with a YouTube presence. This kind of activity is normally expected to take place on secretive underground forums, so it's surprising that phishers are so brazenly, and publicly publishing this material on YouTube.

This completely open trade in phishing knowledge and tools shows the scale of today's phishing problem. With more and more aspects of our lives being managed online, we expect phishing to increase.

How Do I Know if it’s a Phishing Scam?

Phishers often masquerade as legitimate, well known companies in order to trick you into divulging sensitive information. These scams may use email as a platform to try to request personal information and direct users to malicious websites where malware can be hiding. These tricksters tend to use real company logos, and use what is called a spoofed email address, which is an email address that looks like it is coming from the legitimate company’s address. However, the address may be misspelled slightly or come from a spoofed domain.

These fraudulent emails come in many forms, which can look like a help desk support ticket, a message from your bank, or someone soliciting money via a 419 scam. In these emails, phishers tend to use some kind of urgent call to action. You may get a notice that an account is being shut down and you need to log in “immediately” in order to avoid that from happening. They may also request personal information in order to verify your identity. It is important to remember to NEVER click on the links in the suspicious emails, no matter how legitimate the link may appear. It is always best to visit the website in question by manually typing the address in your browser’s URL bar. For extra security, be sure to look for the verified HTTPS at the beginning of the URL in the task bar.

Stay Safe Against Phishing Attacks:

To protect against phishing attacks, we suggest the following best practices:

  • Use two-factor authentication (2FA) when possible. 2FA is a method of verifying your identity that adds a second factor of authentication in addition to your account password.
  • Do not click on links in messages from unknown senders. And be especially selective about what you download to your computer- if you’re not expecting the email, definitely do not download any attachments.
  • Keep software and security patches up to date. By regularly performing these updates, you are actually patching vulnerabilities, or “holes” that malware can sneak through.
  • Never give out any personal information via email, social media platforms, text messages or instant messages.
  • Use Norton Security to provide anti-spam protection and proactively protect from other security risks.

You can learn more about phishers and their tactics here.

Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

Copyright © 2019 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the LockMan Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome and Android are trademarks of Google, LLC. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced and/or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other company names and product names are registered trademarks or trademarks of each company.