Fake TikTok Copyright Strike Account Threat Phishing
Phishing emails impersonating TikTok's rights team warn creators that multiple copyright strikes have been filed against their account, with a 48-hour window to appeal via a link that harvests TikTok credentials.
Part of: Copyright Strike & Takedown Phishing
Last reviewed: 8 June 2026
TikTok's automated content moderation can and does remove videos for music licensing violations, a reality that creators are well aware of. Scammers exploit this awareness by sending fake copyright-strike notices that mimic TikTok's real enforcement emails with alarming accuracy.
The fraudulent notice typically states that two or three copyright violations have been flagged on the creator's account and that a third strike will result in permanent account removal. It provides a bright 'Appeal Now' button and a countdown clock reinforcing the urgency. For a creator whose livelihood or brand depends on their TikTok presence, the prospect of permanent removal is genuinely frightening.
The appeal form requests the creator's TikTok username and password to 'verify account ownership'. After submitting, the creator is shown a fake 'appeal submitted' screen while the attacker uses the stolen credentials to lock down the account.
How this scam works on the TikTok brand
TikTok sends genuine copyright enforcement notifications through the TikTok app — accessed at Profile > Settings > Support > Report a problem — and to the email address associated with the account from @tiktok.com domains. Genuine TikTok copyright appeals are handled within the app itself; creators are never directed to an external website to enter their password.
The fake email uses TikTok's exact colour scheme, the distinctive logo, and official-sounding legal language referencing the Digital Millennium Copyright Act. The email may reference actual recent content the creator posted — assembled from publicly visible TikTok metadata — to add specificity.
After credential theft, the attacker renames the account, changes the recovery email, and either sells the account or uses it for further scams. Creators with large followings are especially targeted because their accounts have commercial value.
Common red flags
- A copyright-strike email comes from an address that is not @tiktok.com — look at the actual From domain.
- The appeal link goes to a page other than tiktok.com — look carefully for lookalike domains.
- The appeal form asks for your TikTok password — TikTok's genuine dispute process does not require this.
- A countdown timer threatens permanent deletion within 24 or 48 hours.
- The email claims multiple copyright strikes have been filed in rapid succession.
- The email arrives late at night or at an unusual time designed to catch you off-guard.
How to protect yourself
- Check all copyright notifications directly in the TikTok app at Profile > Settings > Support > Report a problem or in your in-app notifications.
- Never enter your TikTok credentials on any website reached via an email link.
- Enable TikTok two-step verification at Profile > Settings > Security > Two-Step Verification.
- If you are a creator, bookmark TikTok's official Creator Support at tiktok.com/creators/creator-portal/en-us/ as your reference.
- If you submitted your credentials, change your TikTok password immediately and check that your account email has not been altered.
- Review recently logged-in devices at Profile > Settings > Security > Devices.
How to report it
- Report the phishing email to TikTok at [email protected].
- Report the fraudulent URL to Google Safe Browsing at safebrowsing.google.com/safebrowsing/report_phish/.
- If your account was compromised, contact TikTok through the app's Help Center or at tiktok.com/legal/report/feedback.
- Report to the FTC at ReportFraud.ftc.gov (US) or Action Fraud at actionfraud.police.uk (UK).
Frequently asked questions
How does TikTok handle genuine copyright violations?
TikTok notifies creators through in-app notifications and emails from @tiktok.com. You can file a counter-notification within the TikTok app. No TikTok copyright process directs you to an external website requiring your password.
Does TikTok delete accounts immediately after multiple copyright strikes?
TikTok's enforcement process involves multiple notification steps and an opportunity to appeal before account removal. There is no legitimate 48-hour ultimatum sent via a cold email with a sign-in link.
Can I recover my TikTok account after it was hijacked via a phishing attack?
Yes. Use 'Forgot password' at tiktok.com/login with your phone number. If the recovery email and phone were changed, contact TikTok Support through a secondary device and provide account verification details.