Hello [FIRST NAME GOES HERE],

2 different Creators got hacked by the same person.

How the hack started:
The attacker created a website that was an exact copy of an agency’s website called “The Shelf” which specializes in working with Fashion Influencers.
They contacted a fairly large Creator in the fashion niche with an offer to create a campaign for a brand.

No links. No attachment. All done via email.

Once the Creator agreed to the campaign, they asked her to send them a testimonial that they could use on their website.

The testimonial was not about the campaign but about how easy it was to work with the agency.

The Creator did exactly that.

Note that this Creator was NOT hacked.

What happened next:
The attacker used that video testimonial in a mass email sent to other Creators in the fashion niche. The email offered Creators the opportunity to collaborate with this large Creator.
They used the video as “social proof” that this well-known Creator worked with them.

2 Creators responded to that email.

They saw the video, they recognized the large Creator, and the sweetener was that they could arrange for this large Creator to collaborate with them on a video!

To set it up, they had to use their propriety video app that was launching soon and record a message to the large Creator.

When they installed that app….their data was stolen.

48 hours later, their channels were hacked.

The manipulation:
They are really great at social engineering and convinced both of these Creators to disable the anti-virus.
They said that because the app hasn’t officially launched yet, its a false positive:
“…we see this all the time. Just disable it [the anti-virus] so you can send your video message. It takes just a minute to do or we have to move on to the next YouTuber on our list”

Why this worked:
It worked because these 2 Creators were “smaller” and they really wanted to collaborate with this large creator.

There was time pressure and didn’t want to lose the opportunity just because of some stupid anti-virus message.
It made sense to them that if an app isn’t launched yet, the anti-virus didn’t know about it, so it flagged it.

The Lesson:
NEVER disable your anti-virus.

The anti-virus is built in a way that it doesn’t need to know about the app, it just looks for any behavior that is an anomaly like trying to encrypt your hard drive.

So heads up!

Keep safe out there,

The Security For Creators Team.

Was this sent to you? Sign up here.

Want to know how to secure your YouTube channel? Start here.