Here’s a fun one.
I don't know how they do it, but they somehow use a link to hijack your google session ID, then take over your google account. Included is the source of one of the emails and a screenshot of the email itself.
**LINK IN THE EMAIL IS VERY DANGEROUS!**
https://pastebin.com/XMk8dgsN
https://prnt.sc/qoc97e
[[3,4,5,9,41],[3,4,9,41]]
@GadgetBoy#125203 Are you able to paste here the “Original” code of the e-mail?
e.g. The block of text describing the e-mails origins and e-mail hosts it hopped through, and mentions of IP addresses.
Also, if this is in g-mail, marking it as Phishing will greatly reduce the chances that someone else will fall prey to it.
even if they might just make another e-mail account.
I’m not sure what was in the ‘rplg.co/charfa’ link, as it is no longer there. But the same name is in the link for the youtube logo image, coming from chacharski.cz and it seems more like a spam email promoting that persons stream. Without further info such as the email’s Header or what was actually on the linked website, its just guess .
The logo image is in a folder with a lot of other images for the persons website and all are dated from 5/2019, so the website doesn't appear to be hijacked.
@TheLittleBirdWhoToldYou#125213 I’m a product expert on the YouTube help forums, and we run into these kinds of things all the time. I’ll see if I can get the email headers for you.
Got these emails aswell in the past few days. Shared it on Twitter: x.com
seems the hack link is some replug.io shortened link which redirects to replug.io itself. Not sure what happened. Maybe Replug already (literally) pulled the plug of this link.
@NeeP#125318 These type scammers who use those short URLs just keep creating new ones and either abandon the old one or they get taken down pretty quick. When it is taken down, the link automatically goes to the host main page.
They use them so the url they are redirected to don’t get reported, since most people reporting a link in an email report just the one in the email, leaving the scam site unknown and unreported.
That website I mentioned with the logo is either a victim or is part of it.
I’ll try to get the actual link. Dunno how successful I’ll be, but these guys are stealing literally hundreds of YouTube and Google accounts. They need to be stopped.