Fake Subscription Renewal Phishing on YouTube
Phishing emails and messages impersonating YouTube Premium billing or channel membership renewals direct users to credential-harvesting sites designed to look exactly like Google account login pages.
Part of: Fake Subscription Renewal Phishing
Last reviewed: 1 June 2026
YouTube Premium and channel memberships are widely used subscription products tied to Google accounts. Phishing operators craft renewal notices that mimic Google's email design almost perfectly, targeting users who have come to expect routine billing communications.
Because a YouTube Premium phish goes after Google credentials rather than just one service account, successful attacks can compromise Gmail, Google Drive, Google Pay, and all other linked services simultaneously.
How this scam works on YouTube
Users receive an email warning that their YouTube Premium payment has failed or their channel membership is about to expire. The message uses Google's brand colours, logos, and email format, and includes a 'Fix now' or 'Update payment' button. The link leads to a fake Google login page that captures credentials, which are then used to take over the Google account.
Alternately, YouTube comment sections on popular videos are seeded with comments from impersonator accounts warning viewers that their 'YouTube account has an issue' and to click a link for resolution. These comment-based attacks target less security-savvy users.
Common red flags
- Email warning that your YouTube Premium payment failed — sender is not @google.com
- YouTube comment from an account with a Google or YouTube logo as its avatar directing you to an external link
- Login page after clicking the email link uses a domain other than accounts.google.com
- Message creates urgency with a 24–48 hour account suspension threat
- Email asks you to re-enter your password in addition to payment details
- Google account page shows no payment failure when checked directly
How to protect yourself
- Go to myaccount.google.com directly to check any payment or subscription issues — never through email links
- Use a password manager that auto-fills only on verified domains — it will not fill credentials on a phishing site
- Enable Google's Advanced Protection or two-factor authentication on your Google account
- Report suspicious comments in YouTube by clicking the three-dot menu next to the comment
- Verify the sender email address of any Google billing notice carefully
How to report it
- Report phishing emails impersonating Google to [email protected]
- Use YouTube's 'Report' function on any comments directing users to external login pages
- File a complaint with the Anti-Phishing Working Group at [email protected]
Frequently asked questions
If a scammer got my Google credentials through a YouTube phish, what should I do immediately?
Go to myaccount.google.com/security and change your password immediately, review active sessions, and enable two-factor authentication. If you cannot log in, use Google's account recovery process without delay.