Influencer Brand Collab Phishing via Email
Phishing emails posing as brand partnership inquiries target content creators with fake collaboration offers, leading to credential harvesting, advance payment fraud, or malicious attachment delivery.
Part of: Influencer Brand Collaboration Phishing
Last reviewed: 1 June 2026
Most creators keep a public business email for brand inquiries, making email the other primary attack surface for influencer collaboration phishing alongside Instagram DMs. A well-crafted email — using a real brand's logo, a plausible representative's name and title, and coherent campaign language — can be nearly indistinguishable from a legitimate approach.
Email-based phishing has the additional risk of malicious attachments: fake contracts, briefs, or product catalogues that install malware when opened, giving the attacker access to the creator's device and all accounts accessed from it.
How this scam works on Email
A creator receives an email purportedly from the marketing department of a recognisable consumer brand, expressing interest in a paid collaboration. The email is formatted professionally with the brand's logo and references a specific campaign name. Attached is a 'brief' or 'partnership proposal' — a document that, when opened, exploits a software vulnerability or prompts the creator to enable macros, delivering malware.
In credential-harvest variants, the email contains a link to an 'influencer portal' where the creator logs in with their Instagram, YouTube, or TikTok credentials to submit their media kit. This portal captures all entered credentials.
Advance payment variants send a seemingly legitimate contract and wire transfer notification, then request that the creator purchase gift cards, equipment, or promotional materials before the campaign begins — funds that are never reimbursed.
Common red flags
- Brand email arriving from a domain that is not the brand's official corporate domain
- Attachment described as a brief or contract that prompts security warnings or macro-enabling on opening
- Link to an 'influencer portal' requesting social media login credentials
- Advance purchase requirement before payment has been confirmed via a verifiable corporate process
- Campaign described in unusually vague terms with no specific product, date, or deliverable
- Representative name and title that cannot be verified on the brand's official website or LinkedIn
How to protect yourself
- Verify the sending domain against the brand's official website before opening any attachment or clicking any link
- Open email attachments only from senders whose identity you have independently verified
- Never log in to a third-party influencer portal linked in an email — navigate to platforms directly via your browser
- Use a dedicated business email address to limit the exposure of personal accounts
- Enable email security features that scan attachments before download and flag spoofed sender domains
- Maintain up-to-date security software on devices used to open creator-related emails
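The sender-domain, attachment and portal-link checks listed above can be run over a saved message before any attachment is opened or link is followed. The Python script below is an added example, not part of the original page. The brand domain `acme.example`, the sample message, the function names and the list of risky extensions are all assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed list of macro-capable or directly executable attachment types.
RISKY_EXTS = (".docm", ".dotm", ".xlsm", ".xlam", ".pptm", ".exe", ".js", ".lnk", ".iso")

def domain_of(header):
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()

def is_brand(host, official):
    # Exact domain or a true subdomain: "notacme.example" must not match "acme.example".
    return host == official or host.endswith("." + official)

def triage(raw, official):
    """Return (code, detail) red flags; attachments are not opened, links not followed."""
    msg = message_from_string(raw, policy=policy.default)
    sender = domain_of(msg["From"])
    flags = [] if is_brand(sender, official) else [("sender_domain", sender)]
    # Trust Authentication-Results only when your own mail provider stamped it. A
    # lookalike domain can pass all three for itself, so the check above still matters.
    auth = str(msg.get("Authentication-Results", "")).lower()
    flags += [(f"{c}_not_pass", "") for c in ("spf", "dkim", "dmarc") if f"{c}=pass" not in auth]
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTS):
            flags.append(("risky_attachment", name))
    body = msg.get_body(preferencelist=("plain", "html"))
    for url in re.findall(r"https?://[^\s\"'<>]+", body.get_content() if body else ""):
        host = urlsplit(url).hostname or ""
        if not is_brand(host, official) and re.search(r"login|signin|portal", url, re.I):
            flags.append(("offsite_login_link", host))
    return flags

def build_sample(sender, auth, body, attachment=None):
    """Build a constructed message; every name and domain here is made up."""
    m = EmailMessage()
    m["From"], m["Authentication-Results"] = sender, auth
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed", maintype="application", subtype="octet-stream", filename=attachment)
    return m.as_string()

PHISH = build_sample("Acme Partnerships <collabs@acme-brand-partners.example>",
    "mx.creator.example; spf=pass; dkim=none; dmarc=fail",
    "Submit your media kit: https://acme-portal.example/login", "Campaign_Brief.docm")
if __name__ == "__main__":
    print(triage(PHISH, "acme.example"))
```

The official domain passed to `triage` should be taken from the brand's own website, never from the email being checked.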
How to report it
- Forward the phishing email to the brand's official security or abuse address if one is publicly listed
- Report the email to your email provider as phishing so the sending address and domain can be flagged
- File a complaint with your national cybercrime unit if malware was delivered or financial loss occurred
Frequently asked questions
What does a legitimate brand collaboration email look like?
A genuine brand outreach email comes from a verifiable corporate domain, references a specific campaign with clear deliverables and timelines, and does not ask for credentials or advance purchases. The representative is findable on the brand's official LinkedIn or website. When in doubt, call the brand's marketing department via a number found on their official website.