Hi everyone! I want to share my experience recovering my hacked Google and YouTube accounts after falling victim to a phishing scam.
I run a YouTube channel with around 33,000 subscribers and regularly get sponsorship offers. Most are legitimate, but one recent email turned out to be a sophisticated phishing attempt that cost me dearly.
What happened:
I received what appeared to be a genuine sponsorship inquiry. The sender had spoofed an existing company’s identity perfectly. Their domain, website, and business details all checked out initially.
They sent me an executable file claiming it contained campaign details. Big mistake on my part - I downloaded and ran it. Nothing seemed to happen, but within hours I was locked out of everything.
The malware gave them complete access to my system. They changed my Gmail password, backup emails, two-factor authentication, and even my recovery phone number.
Recovery steps that worked:
For YouTube: I contacted @TeamYouTube on Twitter and got an immediate response. They noticed suspicious activity (the hacker was streaming crypto scams) and temporarily suspended my channel for protection.
For Gmail: I used Google’s help chat feature and selected the “account compromised” option. This connected me directly with their security team.
Both teams provided special recovery links that bypassed the normal verification steps since the hacker had changed everything.
Important discovery:
After regaining access, I found two hidden backdoors:
Channel Manager Access: The hacker had added themselves as a manager on my YouTube channel
Family Link: They added my account as a “child” in their Google Family group, giving them parental control over my account
Removing the family link required another support ticket since there’s no normal way to escape this situation.
Final steps:
Factory reset my computer and phone
Changed every password again
Set up fresh 2FA on all accounts
Ran YouTube’s account cleanup tool to reverse unauthorized changes
The whole process took about 20 hours from start to finish. Hope this helps anyone dealing with a similar nightmare!
wow, that’s super scary! glad u managed to recover fast tho. didn’t know about the family link thing - kinda genius but so dangerous for us users! def gonna be more cautious with exe files moving forward. appreciate the heads up!
Same thing happened to my business account eight months ago. The crypto streaming thing you mentioned - yeah, that’s their main money maker now. They also set up auto-replies to my emails so I wouldn’t notice what was happening while they worked. Your recovery process sounds identical to mine, except I totally missed the family link backdoor at first. Dealt with random lockouts for weeks because of that. Pro tip I learned the hard way: check your Google Takeout settings after you get back in. These guys often turn on data exports to systematically steal everything. Also, they’ll sell your recovered accounts on dark web forums, so definitely change all your banking and payment passwords. Really opened my eyes to how exposed we are as content creators. Our whole income depends on these platforms and we’re sitting ducks for targeted attacks.
Same thing happened to me about a year ago. These guys love using executable files now because they slip right past email filters. The hidden family link thing is genius - they pulled something similar on me but used Google Workspace delegation instead. Basically gave themselves admin access to my entire Google account without me knowing. Your recovery steps are spot on. I had to jump through extra hoops with Google’s identity verification, but same basic process. Pro tip: dig deep into your Google Activity dashboard during cleanup. These attackers turn on location history and web tracking to study your patterns for future hits. They’re literally building playbooks on content creators to make their phishing more believable. 20 hours for full recovery is insane - took most people I know several days minimum. Every monetized channel owner needs to read this post.
Thanks for the detailed writeup. Same thing happened to me last year with my business Gmail - clicked a sketchy invoice link that looked legit. These guys were smart - they set up email forwarding to an outside address so they could watch my recovery attempts in real time. Lucky I had a backup admin account I barely used but still had full Workspace access. Took me three days though, way longer than yours. I wasted time with the standard recovery stuff before figuring out I needed to contact support directly. Heads up - attackers usually enable IMAP to download your entire email history, so definitely check for unauthorized app permissions when you’re cleaning up. You’re spot on about the hidden backdoors - they absolutely try to keep access through multiple ways.
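Added example, not part of any post in this thread: a cleanup check for the mailbox persistence the replies above describe (forwarding to an outside address, auto-replies, IMAP access, delegation). It assumes a settings snapshot already exported as a dict whose field names follow the Gmail API settings resources; the sample snapshot, the addresses in it and the function name are constructed for illustration, and the filter check goes slightly beyond what the posts mention.

```python
def audit_gmail_settings(snapshot, trusted_addresses=()):
    """Return (setting, detail) findings that need manual review after a takeover."""
    trusted = {a.lower() for a in trusted_addresses}
    findings = []

    # Account-wide forwarding to an address the owner does not recognise.
    fwd = snapshot.get("autoForwarding", {})
    if fwd.get("enabled") and fwd.get("emailAddress", "").lower() not in trusted:
        findings.append(("autoForwarding", fwd.get("emailAddress", "")))

    # Registered forwarding targets and mailbox delegates survive a password change.
    for entry in snapshot.get("forwardingAddresses", []):
        if entry.get("forwardingEmail", "").lower() not in trusted:
            findings.append(("forwardingAddress", entry.get("forwardingEmail", "")))
    for entry in snapshot.get("delegates", []):
        if entry.get("delegateEmail", "").lower() not in trusted:
            findings.append(("delegate", entry.get("delegateEmail", "")))

    # Auto-replies the owner did not set up, and bulk-download protocols.
    vacation = snapshot.get("vacation", {})
    if vacation.get("enableAutoReply"):
        findings.append(("autoReply", vacation.get("responseSubject", "")))
    if snapshot.get("imap", {}).get("enabled"):
        findings.append(("imap", "enabled"))
    pop_window = snapshot.get("pop", {}).get("accessWindow", "disabled")
    if pop_window != "disabled":
        findings.append(("pop", pop_window))

    # Filters can forward mail per message or hide security alerts from the inbox.
    for flt in snapshot.get("filters", []):
        action = flt.get("action", {})
        target = action.get("forward")
        if target and target.lower() not in trusted:
            findings.append(("filterForward", target))
        if "INBOX" in action.get("removeLabelIds", []) or "TRASH" in action.get("addLabelIds", []):
            findings.append(("filterHidesMail", flt.get("id", "")))
    return findings

# Constructed snapshot of a mailbox after a takeover (not real data).
SAMPLE = {
    "autoForwarding": {"enabled": True, "emailAddress": "drop@attacker.example"},
    "forwardingAddresses": [{"forwardingEmail": "drop@attacker.example"}],
    "delegates": [],
    "vacation": {"enableAutoReply": True, "responseSubject": "Out of office"},
    "imap": {"enabled": True},
    "pop": {"accessWindow": "disabled"},
    "filters": [{"id": "f1", "action": {"removeLabelIds": ["INBOX"], "addLabelIds": ["TRASH"]}}],
}

if __name__ == "__main__":
    for setting, detail in audit_gmail_settings(SAMPLE):
        print(f"REVIEW {setting}: {detail}")
```

Any finding is a prompt to check that setting by hand, not proof of compromise; IMAP, for example, may be something the owner enabled for a mail client.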