Fighting game YouTuber now fighting Google over “monstrous” post-hack revenue loss.
Credit: via Capcom USA
For months, popular fighting game YouTubers have been under attack. Even the seemingly most cautious among them have been duped by sophisticated phishing attacks that hack their accounts to push cryptocurrency scams by convincingly appearing to offer legitimate sponsorships from established brands.
These scams often start with bad actors seemingly taking over verified accounts on X (formerly Twitter) with substantial followings and then using them to impersonate marketing managers at real brands who can be easily found on LinkedIn.
The fake X accounts go to great lengths to appear legitimate. They link to brands’ actual websites and populate feeds with histories seemingly spanning decades by re-posting brands’ authentic posts.
Approaching YouTubers from these accounts, the scammers offer sponsorships, sometimes engaging in prolonged discussions before eventually requiring YouTubers to submit a non-disclosure agreement (NDA). That’s when the phishing attack would strike, installing malware when users were asked to download a PDF or click a link to Docusign or an alternative. Within minutes of clicking, YouTubers lost their accounts, which for many meant losing their primary source of income.
Michael Townsend has published popular fighting game guides and reactions to the latest gaming news as “Rooflemonger” on YouTube for the past seven years. In that time, he’s gained more than 200,000 subscribers, posting thousands of videos and turning a hobby into a full-time job.
Everything was going great until crypto scammers hacked his account, posing as JBL Audio and removing his YouTube channel for days just as a new game from one of his favorite franchises, Virtua Fighter 6, was announced. His account has since been restored, as have most hacked accounts seemingly, but he missed out on a potentially lucrative news cycle, lost thousands of subscribers, and now has to repopulate old playlists that got deleted.
Ars Video
How Lighting Design In The Callisto Protocol Elevates The Horror
“I basically had a mental breakdown,” Townsend said in a YouTube video explaining how his account got hacked so that others can avoid his “pitfalls.”
Townsend is far from the only gamer who got hacked. In a post on X, another YouTuber named five other popular fighting game streamers whose accounts were also compromised. And in a YouTube video explaining “why every YouTuber is getting hacked,” a popular Street Fighter 6 gamer who said he was also a victim, “Brian_F,” suggested that “nearly half” of fighting game content creators have been affected.
Google did not respond to multiple requests to comment on the phishing scam, but a YouTube spokesperson did respond on X, explaining how YouTubers can get their channels back.
“When a channel is hacked, the first step is for the channel owner to reach out to Creator Support,” YouTube said. “If this creator has already reached out, we’re most likely already working on it (cases like this can take some time, so we really appreciate your patience).”
On YouTube, Townsend said that YouTube’s process for account recovery was tiresome. He had to contact YouTube “over and over and over and over” to “glacially” “get the ball rolling” while he watched his subscriber numbers fall. Once YouTube finally blocked the hacked account, that “stopped the bleeding,” he said, but he still seemingly has work to do to rebuild his credibility with YouTube’s algorithm after the hack.
Townsend told Ars that he is currently experiencing delays in processing new videos and, perhaps more urgently, believes that issues with the algorithm may be significantly decreasing his revenue on the platform. Townsend told Ars that while YouTube helped restore his channel, the 75 percent drop in income that he’s seeing “across the board” is “nothing out of the ordinary.” Ars reviewed a side-by-side comparison of video earnings before and after the hack to verify the “monstrous” drop in his earnings.
“I’m fighting with Google now,” Townsend told Ars. “I don’t expect any real answers from them.”
How YouTubers can avoid being targeted
As YouTube appears evasive, Townsend has been grateful for long-time subscribers commenting to show support, which may help get his videos amplified more by the algorithm. On YouTube, he also said that because “the outpouring of support was beyond anything” he could’ve expected, it kept him “sane” through sometimes 24-hour periods of silence without any updates on when his account would be restored.
Townsend told Ars that he rarely does sponsorships, but like many in the fighting game community, his inbox gets spammed with offers constantly, much of which he assumes are scams.
“If you are a YouTuber of any size,” Townsend explained in his YouTube video, “you are inundated with this stuff constantly,” so “my BS detector is like, okay, fake, fake, fake, fake, fake, fake, fake. But this one just, it looked real enough, like they had their own social media presence, lots of followers. Everything looked real.”
Brian_F echoed that in his video, which breaks down how the latest scam evolved from more obvious scams, tricking even skeptical YouTubers who have years of experience dodging phishing scams in their inboxes.
“The game has changed,” Brian_F said.
Townsend told Ars that sponsorships are rare in the fighting game community. YouTubers are used to carefully scanning supposed offers to weed out the real ones from the fakes. But Brian_F’s video pointed out that scammers copy/paste legitimate offer letters, so it’s already hard to distinguish between potential sources of income and cleverly masked phishing attacks using sponsorships as lures.
Part of the vetting process includes verifying links without clicking through and verifying identities of people submitting supposed offers. But if YouTubers are provided with legitimate links early on, receiving offers from brands they really like, and see that contacts match detailed LinkedIn profiles of authentic employees who market the brand, it’s much harder to detect a fake sponsorship offer without as many obvious red flags.
Brian_F said YouTubers seeking to be extra cautious moving forward should always check to see if an X account’s feed contains no original content. It would also likely be wise never to click a link or download a PDF to sign an NDA until a sponsorship is completely vetted.
LinkedIn profiles should also be reviewed with care, as AI could possibly be used to populate a fake profile. But at least one brand, Shure, has reported fake accounts on X and confirmed that real employees were impersonated to further the scheme. In a pinned thread on X, Shure warned YouTubers that they should “make sure any email correspondence with Shure comes from an @shure.com email address.”
Townsend said that he’s normally very picky about sponsorships and only does four or five a year. But he said that part of the success of the phishing tactic is that the scammers didn’t rush him to click a scam link right away. “We talked for a while,” Townsend said, and then “we progressed,” and “then it’s like, ‘Oh by the way, here’s a Docusign.'”
“Docusign is something I use quite a bit, so I didn’t think twice,” Townsend said. “And all it took was one click,” with “maybe a window of two minutes to act” and change passwords.
After that click, standard protections didn’t keep the hackers out. According to Townsend, Google’s filters didn’t flag the links as phishing, and because he was “session hijacked”—where hackers simply take over a legitimate user’s ongoing session—the two-factor authentication that might have kept bad actors out of his YouTube account wasn’t activated.
For Townsend, watching his YouTube videos seemingly deleted (but mercifully actually just hidden, marked private) and “crypto garbage scam videos going up” in their place was like watching his seven-year investment in his YouTube channel go down the drain.
While he works to get his channel back to generating the income he had before the attack, Townsend told Ars that he’s rejecting outside sponsorship offers now and probably won’t entertain any outside offers for years.
“No deal is worth the stress I dealt with,” Townsend told Ars.
