{"id":69942,"date":"2026-02-17T17:48:01","date_gmt":"2026-02-17T16:48:01","guid":{"rendered":"https:\/\/ekiwi-blog.de\/69942\/achtung-phishing-collabdrm-copyright-warning-on-youtube\/"},"modified":"2026-02-17T20:51:25","modified_gmt":"2026-02-17T19:51:25","slug":"achtung-phishing-collabdrm-copyright-warning-on-youtube","status":"publish","type":"post","link":"https:\/\/ekiwi-blog.de\/en\/69942\/achtung-phishing-collabdrm-copyright-warning-on-youtube\/","title":{"rendered":"Phishing: CollabDRM Copyright Warning on YouTube"},"content":{"rendered":"<p>Well-executed phishing for YouTube account data. Fake in the name of a copyright notice. A copyright warning in your inbox about a YouTube video is really annoying, especially when you can&#8217;t just delete it unread. <\/p>\n<p>Basically, it&#8217;s very unlikely that our videos infringe copyright, as we create and record all the content ourselves without using music. Nevertheless, a false suspicion can damage your YouTube account. So, now to the email! <\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of content<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/ekiwi-blog.de\/en\/69942\/achtung-phishing-collabdrm-copyright-warning-on-youtube\/#Video\" >Video<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/ekiwi-blog.de\/en\/69942\/achtung-phishing-collabdrm-copyright-warning-on-youtube\/#CollabDRM_Copyright_Warning_on_YouTube\" >CollabDRM Copyright Warning on YouTube<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/ekiwi-blog.de\/en\/69942\/achtung-phishing-collabdrm-copyright-warning-on-youtube\/#Copyright_check_on_YouTube\" >Copyright check on YouTube<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/ekiwi-blog.de\/en\/69942\/achtung-phishing-collabdrm-copyright-warning-on-youtube\/#We_click_on_the_link\" >We click on the link<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/ekiwi-blog.de\/en\/69942\/achtung-phishing-collabdrm-copyright-warning-on-youtube\/#Log_in_to_Google\" >Log in to Google<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/ekiwi-blog.de\/en\/69942\/achtung-phishing-collabdrm-copyright-warning-on-youtube\/#The_domain_collabdrmdigital\" >The domain collabdrm.digital<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/ekiwi-blog.de\/en\/69942\/achtung-phishing-collabdrm-copyright-warning-on-youtube\/#Conclusion_Perfidious_deception_with_a_system\" >Conclusion: Perfidious deception with a system<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Video\"><\/span>Video<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><iframe loading=\"lazy\" width=\"560\" height=\"315\" src=\"https:\/\/www.youtube.com\/embed\/_3Bf9tIgJ4w?si=BEE3ACjyGQGG5NLE\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/p>\n<h2><span class=\"ez-toc-section\" id=\"CollabDRM_Copyright_Warning_on_YouTube\"><\/span>CollabDRM Copyright Warning on YouTube<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The email is well done. Upon closer inspection, you can see that the email came from &#8220;mail.lawhelp.org&#8221;. That&#8217;s strange. In terms of content, the email looks professional. The image from the video and the design are appropriate, and the company CollabDRM does exist.<\/p>\n<p>We become suspicious because the reply to the email is supposed to go to &#8220;info@collabdrm.com&#8221;, but at the bottom of the email, &#8220;support@collabdrm.digital&#8221; is listed as the email address.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_1.webp\" alt=\"\" width=\"1001\" height=\"840\" class=\"aligncenter size-full wp-image-69926\" srcset=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_1.webp 1001w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_1-300x252.webp 300w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_1-768x644.webp 768w\" sizes=\"auto, (max-width: 1001px) 100vw, 1001px\" \/> <\/p>\n<blockquote><p>\nWe have identified that your video contains content managed by CollabDRM. As your usage infringes upon our copyright, we are compelled to address this matter with you. <\/p><\/blockquote>\n<h3><span class=\"ez-toc-section\" id=\"Copyright_check_on_YouTube\"><\/span>Copyright check on YouTube<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>First, let&#8217;s check if there are any notifications in the YouTube dashboard. As expected, there aren&#8217;t any. If there were, then it would at least be possible that the email is legitimate. Since the video only contains footage that we created ourselves, the email is fake!<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_2.webp\" alt=\"\" width=\"796\" height=\"447\" class=\"aligncenter size-full wp-image-69928\" srcset=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_2.webp 796w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_2-300x168.webp 300w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_2-768x431.webp 768w\" sizes=\"auto, (max-width: 796px) 100vw, 796px\" \/><\/p>\n<h3><span class=\"ez-toc-section\" id=\"We_click_on_the_link\"><\/span>We click on the link<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p> To solve the problem, we are supposed to click on a link to access the dashboard. Normally, we should not do this. We do it anyway and are redirected to the website. Interestingly, our email address appears in the subject line. <img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_3.webp\" alt=\"\" width=\"775\" height=\"351\" class=\"aligncenter size-full wp-image-69930\" srcset=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_3.webp 775w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_3-300x136.webp 300w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_3-768x348.webp 768w\" sizes=\"auto, (max-width: 775px) 100vw, 775px\" \/><\/p>\n<p>The video also appears, along with our channel name, which suggests that the phishers have deliberately created a page here to lure us into a trap. If we enter a different email address, only an error message appears.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_4.webp\" alt=\"\" width=\"872\" height=\"848\" class=\"aligncenter size-full wp-image-69932\" srcset=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_4.webp 872w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_4-300x292.webp 300w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_4-768x747.webp 768w\" sizes=\"auto, (max-width: 872px) 100vw, 872px\" \/><\/p>\n<h3><span class=\"ez-toc-section\" id=\"Log_in_to_Google\"><\/span>Log in to Google<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p> There is a link on the page; if we click on it, a supposed Google login window opens. The Russian script in the title is a definite cause for suspicion. Otherwise, it&#8217;s well done: our browser is recognised, the address bar shows Google, there&#8217;s a green padlock \u2013 everything&#8217;s fine, right?<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_5.webp\" alt=\"\" width=\"612\" height=\"398\" class=\"aligncenter size-full wp-image-69934\" srcset=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_5.webp 612w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_5-300x195.webp 300w\" sizes=\"auto, (max-width: 612px) 100vw, 612px\" \/><\/p>\n<p>If we switch to the developer options, we can see that the window is created and displayed within the page. In short, the information is fake; we are not on the Google page. <strong>Anyone who enters their login details here is handing them over to the scammers<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_6.webp\" alt=\"\" width=\"1188\" height=\"745\" class=\"aligncenter size-full wp-image-69936\" srcset=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_6.webp 1188w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_6-300x188.webp 300w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_6-1024x642.webp 1024w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_6-768x482.webp 768w\" sizes=\"auto, (max-width: 1188px) 100vw, 1188px\" \/><\/p>\n<h3><span class=\"ez-toc-section\" id=\"The_domain_collabdrmdigital\"><\/span>The domain collabdrm.digital<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p> Let&#8217;s take a closer look and check the domain &#8220;collabdrm.digital&#8221; via Whois. Here we find the next strong indication of suspicion: the domain was only registered a few days ago. If we google the real company, we find that it has the domain &#8220;https:\/\/www.collabdrm.com&#8221;. <\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_7.webp\" alt=\"\" width=\"465\" height=\"323\" class=\"aligncenter size-full wp-image-69938\" srcset=\"https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_7.webp 465w, https:\/\/ekiwi-blog.de\/wp-content\/uploads\/2026\/02\/collab_7-300x208.webp 300w\" sizes=\"auto, (max-width: 465px) 100vw, 465px\" \/><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Conclusion_Perfidious_deception_with_a_system\"><\/span>Conclusion: Perfidious deception with a system<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p> This case impressively shows that phishing is no longer just about faulty mass emails. The attackers rely on targeted <strong>social engineering<\/strong> and a technically sophisticated staging: <\/p>\n<ul>\n<li><strong>Targeted intimidation:<\/strong> The topic of &#8220;copyright infringement&#8221; puts pressure on users to act quickly and rashly in order to protect their own channel. <\/li>\n<li><strong>High degree of personalisation:<\/strong> The fact that the user&#8217;s own channel name and even the specific video appear on the fake page suggests a dangerous legitimacy. <\/li>\n<li><strong>Technical deception:<\/strong> The use of a replica browser window (including a fake address bar and SSL lock) within the website is a sophisticated method of lulling even cautious users into a false sense of security. <\/li>\n<\/ul>\n<p> <strong>The most important lessons from this case:<\/strong> <\/p>\n<ol>\n<li><strong>Always check at the source:<\/strong> Never use links in emails when receiving warnings about platforms such as YouTube. Instead, always go directly to the official dashboard in your browser. If there is no message there, the email is 100% fake.\n<li><strong>Checking the sender is a must:<\/strong> Discrepancies between the sender domain (lawhelp.org), the reply address and the linked target domain (.digital instead of .com) are immediate warning signs.\n<li><strong>Use Whois data:<\/strong> A glance at the registration date of a domain immediately exposes &#8220;fresh&#8221; scam sites. <\/li>\n<\/ol>\n<p> Trust is good, but manual verification in the official account backend is vital for the security of your digital identity.<\/p>","protected":false},"excerpt":{"rendered":"<p>Well-executed phishing for YouTube account data. Fake in the name of a copyright notice. A copyright warning in your inbox<\/p>\n","protected":false},"author":1,"featured_media":69941,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1552],"tags":[1656,1590,1602,3801],"class_list":["post-69942","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-internet-en","tag-phishing-en","tag-scam","tag-security-en","tag-youtube-en"],"_links":{"self":[{"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/posts\/69942","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/comments?post=69942"}],"version-history":[{"count":0,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/posts\/69942\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/media\/69941"}],"wp:attachment":[{"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/media?parent=69942"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/categories?post=69942"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ekiwi-blog.de\/en\/wp-json\/wp\/v2\/tags?post=69942"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}