Phishing Scams on YouTube
YouTube comment sections, community posts, and creator impersonators are used to deliver phishing links that steal Google account credentials and personal data.
Part of: Phishing
Last reviewed: 1 June 2026
YouTube is deeply linked to Google accounts, making it a prime phishing target. A successful attack on a creator's YouTube account also compromises their Google account, with access to Gmail, Drive, and other services. Phishing attacks arrive through automated DMs to creators, fake copyright-strike emails designed to rush account re-authentication, and malicious links posted in comment sections.
Viewers as well as creators are targeted: phishing links in comment sections, pinned by compromised channels, or embedded in video descriptions can harvest the credentials of users who click them.
How this scam works on YouTube
Creators receive emails warning of a copyright strike or monetisation issue and directing them to 're-verify' their account through a page that harvests credentials. Compromised creator accounts are then used to post crypto scams or run fake live streams. Viewers encounter phishing through comment links claiming to offer free subscriptions, exclusive downloads, or access to content behind a login wall.
Community tab posts on large channels are sometimes used to post phishing links after the channel is compromised, exploiting the trust built with subscribers.
Common red flags
- Email warning of a YouTube copyright issue containing a link to re-authenticate
- Comment or community post from a large channel directing you to log in at an unfamiliar URL
- Video description link offering a free download or exclusive tool at an unknown domain
- DM from another creator containing a collaboration proposal with a link to 'review terms'
How to protect yourself
- Access your YouTube/Google account settings only through the official Google login page
- Enable two-step verification on your Google account
- Verify any copyright or account-issue notification by logging in directly through your browser, not through the email link
- Be cautious about any comment link offering free tools or exclusive access
How to report it
- Report phishing links in YouTube comments via the flag option on the comment
- Report to Google's phishing report page
- If credentials were compromised, use Google's account-recovery process immediately
Frequently asked questions
How do I know if a YouTube copyright strike email is real?
Log in to YouTube Studio directly by navigating to studio.youtube.com in your browser — do not use the link in the email. Genuine copyright issues appear in the dashboard. If nothing shows there, the email was almost certainly a phishing attempt.