---
title: "Google accounts hijacked, Stealers infiltrate YouTube,Woman loses $850K | DMARC Report"
description: "Attackers hijack Google Ads logins via Google Sites, infostealers hide in YouTube comments, and a Frenchwoman loses $850K to a Brad Pitt deepfake scam."
image: "https://dmarcreport.com/og/blog/google-accounts-hijacked-stealers-infiltrate-youtubewoman-loses-850k.png"
canonical: "https://dmarcreport.com/blog/google-accounts-hijacked-stealers-infiltrate-youtubewoman-loses-850k/"
---

Quick Answer

Attackers operating from Eastern Europe, Asia, and South America are hijacking Google Ads accounts by spinning up convincing fake login pages on Google Sites and using captured accounts to push malware and malicious ads. Trend Micro documented a parallel campaign that hides infostealer downloads in YouTube comments and search results for pirated software, routed through hosts like Mega.nz and Mediafire. In France, 53-year-old Anne lost about $850,000 to a Brad Pitt impersonation scam built on AI photos and deepfake videos, including a fake kidney cancer storyline.


![Google accounts hijacked, Stealers infiltrate YouTube,Woman loses $850K](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg) 

![Create dmar record 150x150](https://media.mailhop.org/dmarcreport/images/2025/01/create-dmar-record-150x150.jpg) 

> The email authentication landscape changed permanently in 2024, says Brad Slavin, General Manager of DuoCircle. Google, Yahoo, and now Microsoft all require DMARC. What used to be a best practice is now a hard prerequisite for reaching inboxes. Organizations that delayed are now paying the price in deliverability.


It’s the third week of January, and people are in full rush mode. But while focusing on goals such as **health, wealth, and bliss**, are you paying enough attention to the [cyber ecosystem](https://www.ox.ac.uk/news/2024-11-12-new-ukri-funded-network-bolster-uk-s-cyber-security-research-ecosystem)?

Threat actors keep lurking in the background without letting you know. _Just one mistake, and they will lose no time in breaking into your network._ That’s why it is crucial to keep yourself updated about the cyber events that are taking place around the world. With so many [cyber scams](https://www.voanews.com/a/un-warns-of-growing-tech-threat-from-southeast-asia-s-cyber-scam-gangs/7813703.html) happening every day, the only way to safeguard yourself is to educate yourself about [cybersecurity](https://dmarcreport.com/blog/major-cybersecurity-trends-that-will-reign-in-2024/).

We are back again with our cyber bulletin! This week, the focus will be on the high-profile ‘Brad Pitt’ cyber scam. We will also talk about how threat actors are targeting users who actively look for [pirated software](https://www.foxnews.com/tech/hackers-use-pirated-software-to-hijack-mac-android-windows-devices) online. Lastly, we will discuss the Google advertising account hijack incidents.

So, are you ready to dive deeper?

![What is dmarc](https://media.mailhop.org/dmarcreport/images/2025/01/what-is-dmarc-7615.jpg) 

## Google advertiser accounts are being hijacked by threat actors!

Running ads on Google is a great way to boost your business. But what if the same ad gives away all the vital details to [cybercriminals](https://thehill.com/opinion/cybersecurity/4468537-cybercriminals-have-small-town-usa-in-their-crosshairs-how-to-fight-back/)?

This is exactly what’s happening as more and more threat actors imitate Google Ads login pages to hijack accounts. The idea is to trick naive users into sharing their account details. Afterwards, the attackers use the hijacked accounts to buy as well as distribute malware and [malicious advertisements](https://cybersecuritynews.com/hackers-trick-windows/) through Google Ads. _Experts believe that scammers operate from varied locations such as Eastern Europe, Asia, and South America._

The worst part is that there’s absolutely no way to differentiate between legitimate Google Ads and these malicious ads. There has been a sudden spike in the number of [fake Google Ads](https://www.bleepingcomputer.com/news/security/google-ads-push-fake-google-authenticator-site-installing-malware/) that are targeting individuals and businesses who have already been looking forward to running ads on Google. These fake ads appear highly convincing and trick users into signing in to their existing accounts or signing up for a new ad account. The users get directed to malicious Google pages from where threat actors harvest user data such as usernames and passwords.

These [threat actors](https://www.malwarebytes.com/blog/news/2024/07/threat-actor-impersonates-google-via-fake-ad-for-authenticator) are **leveraging Google Sites**, the free website creation platform available on Google.

_Google is currently working on finding a quick fix to stop the hijacking incidents once and for all_. Google is actively developing a swift and comprehensive solution to prevent account hijacking incidents, leveraging enhanced [DMARC](https://dmarcreport.com/), [DKIM](https://dmarcreport.com/what-is-dkim/), and [SPF](https://dmarcreport.com/what-is-spf/) cybersecurity measures to fortify [email authentication](https://dmarcreport.com/blog/why-email-security-matters-and-how-to-get-it-right/).
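Because the fake login pages described above live on Google Sites, a destination can sit on a genuine `google.com` host and still be attacker-built. The following is an added example, not code from the original article, showing why an "address mentions google.com" check passes such a page while an exact-host check does not; it assumes `accounts.google.com` is the only host where a Google password belongs, and the function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the one host where a Google password is entered.
SIGN_IN_HOSTS = {"accounts.google.com"}
# Google-owned host that serves pages built by any Google Sites user.
USER_CONTENT_HOSTS = {"sites.google.com"}


def naive_is_google(url: str) -> bool:
    """Weak check often applied by eye: the address mentions google.com."""
    return "google.com" in url.lower()


def classify_destination(url: str) -> str:
    """Return 'sign-in', 'user-content', 'google-other' or 'untrusted'."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any "user@" prefix and port, and lowercases the host.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return "untrusted"
    if parts.scheme != "https" or not host:
        return "untrusted"
    if host in SIGN_IN_HOSTS:
        return "sign-in"
    if host in USER_CONTENT_HOSTS:
        return "user-content"
    if host == "google.com" or host.endswith(".google.com"):
        return "google-other"
    return "untrusted"


def safe_for_password(url: str) -> bool:
    """Only an exact sign-in host over HTTPS qualifies for credential entry."""
    return classify_destination(url) == "sign-in"


# Constructed sample destinations (not taken from any real campaign).
SAMPLES = [
    "https://accounts.google.com/ServiceLogin",
    "https://sites.google.com/view/ads-login-example",
    "https://ads.google.com/",
    "https://accounts.google.com@login.example/",
    "https://accounts.google.com.login.example/",
    "http://accounts.google.com/",
]


def triage(urls):
    """Pair each URL with the naive verdict and the exact-host verdict."""
    return [(u, naive_is_google(u), classify_destination(u)) for u in urls]


if __name__ == "__main__":
    for url, naive, verdict in triage(SAMPLES):
        print(f"{verdict:13} naive={naive!s:5} {url}")
```

Every constructed sample passes the naive check, but only the first is classified as a place to type a password.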

## Deadly info stealers hidden in YouTube comments

Are you someone who loves downloading pirated software to save some dollars? Then, this is something you need to know!

Cyberattackers are targeting such people through YouTube comments and Google search results. According to the researchers from [Trend Micro](https://www.trendmicro.com/en%5Fin/business.html), threat actors pretend to be helpful by sharing what look like legit software installation guides. This is done to compel people to read the **comments or video descriptions**. Then, very cleverly, they insert [malicious links](https://hackread.com/discord-malware-attacks-as-50000-malicious-links/) for users.

Similarly, on Google, threat actors are adding search results for pirated software. _The links they offer appear to be legit downloaders_. But clicking on them results in malware getting **downloaded onto your system**.

Detecting these malicious links gets all the more difficult as the cybercriminals use reputable [file hosting services](https://www.microsoft.com/en-us/security/blog/2024/10/08/file-hosting-services-misused-for-identity-phishing/) such as **Mega.nz and Mediafire**.

![Dmarc record generator](https://media.mailhop.org/dmarcreport/images/2025/01/dmarc-record-generator-6.jpg) 

## French woman loses $850K as she fell for “Brad Pitt” scam!

53-year-old Anne is a die-hard fan of Brad Pitt. But it is because of her unconditional love for the celeb and lack of cybersecurity knowledge that she lost a whopping $850K to scammers.

_The scammers approached Anne through an Instagram message while posing as “Jane,” Brad’s mother_. The message claimed that Jane wanted to set Anne up with her son. Soon, the threat actors connected with Jane through Instagram messages as Brad Pitt himself. The messages seemed too convincing to be fake.

To make things worse, the scammers used [deepfake technology](https://www.usatoday.com/story/tech/columnist/komando/2023/10/26/how-to-spot-ai-deepfakes/71294803007/) to trick Anne. Brad’s AI-generated videos were used to carry out their malicious intentions.

Anne was already going through an emotional rough patch because of her divorce from her husband. _Attackers made the most of her emotional vulnerability by sending love notes and romantic messages, which made Anne fall badly for the fake Brad Pitt_. He asked her to pay customs duty of over $9000 USD for luxury gifts, which she happily paid but received nothing in return. To make it worse, the [scammers used deepfake videos](https://siliconangle.com/2024/02/04/scammers-used-deepfake-cfo-trick-company-employee-sending-25m/) of Brad Pitt and created a false story of being admitted to a hospital for kidney cancer treatment. She paid over $800k for his treatment.

Anne shared all these details in an interview with TF1, the **French news broadcast channel**. Her lack of cyber awareness has robbed her of her entire life savings. Besides, her ignorance is being termed sheer stupidity, and people are mocking her feelings for the fake [Brad Pitt](https://www.euronews.com/culture/2025/01/15/viral-scam-french-woman-duped-by-ai-brad-pitt-love-scheme-faces-cyberbullying).


[ Vishal Lamba ](/authors/vishal-lamba/) 

Content Specialist

Content Specialist at DMARC Report. Writes vendor-specific email authentication guides and troubleshooting walkthroughs.


