Giveaway DM Takeover Scams on TikTok
Fake prize notifications sent via TikTok DM trick creators and viewers into entering credentials on phishing sites, leading to account hijacking that spreads the scam to the victim's followers.
Part of: Giveaway DM Takeover Scams
Last reviewed: 1 June 2026
TikTok's fast-growing creator economy has created a large population of users who actively participate in giveaways and brand promotions. Fraudsters exploit this participation culture by distributing fake prize notifications through TikTok's DM system, blending in with genuine creator giveaway activity that users are accustomed to seeing.
The viral nature of TikTok content means a compromised account can reach enormous audiences rapidly, making each successful takeover a high-value asset for spreading further scam activity.
How this scam works on TikTok
A TikTok DM arrives from an account appearing to belong to a well-known creator or brand, announcing that the recipient has been randomly selected as a giveaway winner. A link in the message leads to a phishing page mimicking TikTok's login interface where the recipient enters their credentials.
Alternatively, comments on popular videos are flooded with a message claiming viewers have been selected for a prize, with a link to a DM or external site. Users who follow up receive the credential-harvesting link.
The compromised account is quickly weaponised to reach the victim's followers with the same pattern, sending DMs or posting comments that continue the fraud chain. Content from the original creator is sometimes still published to avoid triggering immediate suspicion.
Common red flags
- DM announcing you have won a prize from a contest you do not remember entering
- Prize claim link that leads outside tiktok.com
- Comment on a popular video from a new account announcing winners and sharing a link
- Login page reached by following a prize link that is not tiktok.com
- DM that requests your phone number, email, or two-factor code to 'verify' your win
- Giveaway announcement from an account that has recently changed its username or profile photo
How to protect yourself
- Enable two-factor authentication on your TikTok account in Settings > Security
- Treat any giveaway win DM as suspicious and verify the giveaway by visiting the creator's official profile directly
- Never enter TikTok credentials on any site linked from a DM — TikTok login is only at tiktok.com
- Restrict your TikTok DMs to friends only in privacy settings to reduce unsolicited contact
- Report suspect DMs and accounts to TikTok using the in-app report function
- If you entered credentials on a phishing page, change your TikTok password and linked email immediately
How to report it
- Report the offending account to TikTok using the in-app 'Report' function
- Report the phishing URL to your browser's phishing-protection provider
- File a cybercrime report with your national authority if your account was taken over and used to cause harm to others
Frequently asked questions
How do genuine TikTok creator giveaways work?
Real creator giveaways are announced publicly in the creator's videos or profile, typically require simple participation steps like following, commenting, or duetting, and winners are announced in follow-up content. They never send a link requesting your login credentials via DM.