Google accounts hijacked, Stealers infiltrate YouTube,Woman loses $850K

The email authentication landscape changed permanently in 2024, says Brad Slavin, General Manager of DuoCircle. Google, Yahoo, and now Microsoft all require DMARC. What used to be a best practice is now a hard prerequisite for reaching inboxes. Organizations that delayed are now paying the price in deliverability.

					DMARC Report					

				

Google accounts hijacked, Stealers infiltrate YouTube,Woman loses $850K

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-19838">
						<source src="https://media.mailhop.org/dmarcreport/images/2025/01/Google-accounts-hijacked-Stealers-infiltrate-YouTubeWoman-loses-850K.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H2M21S">2:21</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-19838" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-19838" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-19838" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-19838" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/google-accounts-hijacked-stealers-infiltrate-youtubewoman-loses-850k/&t=Google accounts hijacked, Stealers infiltrate YouTube,Woman loses $850K" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/google-accounts-hijacked-stealers-infiltrate-youtubewoman-loses-850k/&url=Google accounts hijacked, Stealers infiltrate YouTube,Woman loses $850K" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2025/01/Google-accounts-hijacked-Stealers-infiltrate-YouTubeWoman-loses-850K.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/google-accounts-hijacked-stealers-infiltrate-youtubewoman-loses-850k/" class="input-link input-link-19838" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-19838" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

/*! This file is auto-generated */ ’ title=“Embed Code” class=“input-embed input-embed-19838” readonly/>

					<button class="copy-embed copy-embed-19838" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

It’s the third week of January, and people are completely into rush mode in January. But while focusing on goals such as health, wealth, and bliss, are you paying enough attention to the cyber ecosystem?

Threat actors keep lurking in the background without letting you know._ Just one mistake, and they will lose no moment in breaking into your network_. That’s why it is crucial to keep yourself updated about the cyber events that are taking place around the world. With so many cyber scams happening every day, the only way to **safeguard yourself is to educate yourself about cybersecurity.

We are back again with our cyber bulletin! This week, the focus will be on the high-profile ‘Brad Pitt’ cyber scam. We will also talk about how threat actors are targeting those users who actively look for pirated software online. Lastly, we will discuss the **Google advertising account hijack incidents.

So, are you ready to dive deeper?

Google advertiser accounts are being hijacked by threat actors!

**Running ads on Google is a great way to boost your business . But what if the same ad gives away all the vital details to cybercriminals?

This is exactly what’s happening as more and more threat actors are hijacking Google Ads login pages. The idea is to **trick naive users into sharing their account details. Afterwards, the attackers use the hijacked accounts to buy as well as distribute malware and malicious advertisements through Google Ads. _Experts believe that scammers operate from varied locations such as Easter Europe, Asia, and South Americ_a.

The worst part is that there’s absolutely no way to differentiate between legitimate Google Ads and these malicious ads. There has been a sudden spike in the number of fake Google Ads that are targeting individuals and businesses who have already been looking forward to running ads on Google. These fake ads appear to be **highly convincing and trick users into signing in to their existing accounts or signing up for a new ad account. The users get directed to malicious Google pages from where threat actors harvest user data such as usernames and passwords.

These threat actors are leveraging Google Sites, the free website creation platform available on Google.

Google is currently working on finding a quick fix to stop the hijacking incidents once and for all. Google is actively developing a **swift and comprehensive solution to prevent account hijacking incidents, leveraging enhanced DMARC, DKIM, and SPF cybersecurity measures to fortify email authentication.

Deadly info stealers hidden in YouTube comments

Are you someone who loves downloading pirated software to save some dollars? Then, this is something you need to know!

Cyberattackers are targeting such people through YouTube comments and Google search results. According to the researchers from Trend Micro, threat actors pretend to offer detailed guides where they share legit software installation guides. This is done to compel people to read the comments or video descriptions. Then very cleverly, they insert malicious links for users.

Similarly, on Google, threat actors are adding search results for pirated software. The links they are offering to appear to be legit downloaders. But clicking on them would result in malware getting downloaded into your system.

Detecting these malicious links gets all the more difficult as the cybercriminals use reputed fire hosting services such as Mega.nz and Mediafire.

French woman loses $850K as she fell for “Brad Pitt” scam!

**53-year-old Anne is a die-hard fan of Brad Pitt. But it is because of her unconditional love for the celeb and lack of cybersecurity knowledge that she lost a whopping $850K to scammers.

The scammers approached Anne through an Instagram message while posing as “Jane,” Brad’s mother. The message claimed that Jane wanted to set Anne up for her son. Soon, the threat actors connected with Jane through **Instagram messages as Brad Pitt himself. The messages seemed too convincing to be fake.

To make things worse, the scammers used deepfake technology to trick Anne. Brad’s AI-generated videos were used to carry out their malicious intentions.

Anne was already going through an **emotional rough patch because of her divorce from her husband. Attackers made the most out of her emotional vulnerability by sending out love notes and romantic messages, which made Anne fall badly for fake Brad Pitt. He asked her to pay customs duty over $9000 USD for luxury gifts, which she happily paid but received nothing in return. To make it worse, the scammers used deepfake videos of Brad Pitt and created a false story of being admitted to a hospital for kidney cancer treatment. She paid over $800k for his treatment.

Anne shared all these details in an interview with TF1, the French news broadcast channel. Her lack of cyberawareness has robbed her of her entire life savings. Besides, her ignorance is termed sheer stupidity, and people are mocking her feelings for fake Brad Pitt.