YouTube creators are facing a new threat: phishing scams featuring AI-generated videos of YouTube CEO Neal Mohan. YouTube warns these sophisticated attacks aim to steal creators’ credentials by exploiting their trust in official communications.

What the scam content looks like

Scammers are sharing private videos that appear to be from YouTube, claiming changes to the platform’s monetization policy. These videos, created using deepfake technology, convincingly mimic CEO Neal Mohan’s appearance and voice. The goal is to deceive creators into clicking malicious links or downloading harmful files.

The scam begins with an email that looks like an official message from YouTube. The email states that a private video has been shared with the recipient. When creators open the video, they see an AI-generated version of Neal Mohan discussing urgent changes to monetization policies. The message pressures them to take immediate action, often by clicking a fraudulent link or downloading a dangerous file.

Reports on Reddit have highlighted such scams. In one case, a user received an email from “Notification for YouTube Creators” sharing a private video that directed them to download a malicious file. Another user reported receiving a private video from “Channel for Creators,” which prompted them to agree to a fraudulent policy via a fake DocuSign link.

What it means for the creator community

This scam underscores the evolving nature of cyber threats, especially with the integration of AI technologies like deepfakes. As these tools become more accessible, it’s crucial for individuals and organizations to remain vigilant and informed about potential risks.

These scams are particularly concerning because they appear highly authentic. YouTube has warned creators to be cautious of unexpected emails, especially those requesting login credentials or prompting downloads. To stay safe, creators should verify messages through YouTube’s official channels and enable two-factor authentication on their accounts.

By staying alert and following recommended security practices, creators can protect themselves from these sophisticated phishing attempts.