Watch out for bogus YouTube Music Key emails!

Graham Cluley

Beware bogus YouTube Music Key emails

Music keyPardon my ignorance (maybe I missed the ad?) but I wasn’t previously aware that Google had introduced a way of listening to music ad-free in the form of YouTube Music Key.

That all changed, however, when I received this spam email message, claiming that my six-month trial was over and that I was about to be charged almost ten euros a month:

Youtube music key spam

Part of the email reads:

Thanks again for subscribing to YouTube Music Key. Your free 6-month trial has ended, and you’ll be charged € 9.77/month starting today. Your receipt for your first payment is below.

It’s easy to imagine, though, how the red mist could rise in some folks’ eyes as they imagine they are about to be charged for a service they don’t use, and weren’t ever aware that they had signed up, and that they might click on the links without taking proper care.

Because, of course, the links don’t go to a Google or YouTube webpage. And what lurks at the other end could be a phishing page, or a webpage hosting malicious code or a drive-by download.

You simply don’t know until you click on it. But you *can* hover your mouse over the link and tell if it’s going to take you directly to Google/YouTube or not.

If more people applied a little caution, rather than letting outrage drive their mouse-clicking, the internet would surely be a safer place.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “Watch out for bogus YouTube Music Key emails!”

  1. About the last part…one problem I have with most e-mails sent by a website and not a person is that you can't tell where any link leads by highlighting it; It's always some giant hash-like number-letter thing instead of displaying the webpage where the user will be sent.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES