Creator Collab Phishing Scam
A fake collaboration proposal from a supposed fellow creator or platform partner leads to a spoofed login page that steals account credentials and hands over full account control.
Last reviewed: 5 July 2026
What this scam is
This is a targeted phishing attack disguised as a business opportunity: a cross-promotion, shoutout swap, joint content collaboration, or platform-partnership invitation. Because collaborations are a completely normal part of a creator's growth strategy, the pretext does not raise the same suspicion a generic phishing email would.
The attack's actual goal is credential theft — getting the creator to enter their platform username and password (and sometimes two-factor codes) into a fake login page that is visually identical to the real one. Once obtained, the credentials are used immediately to take over the account.
Account takeover in this context is especially damaging because the account often controls both the creator's income (subscriptions, tips, payouts) and their audience relationship (subscriber messages, content history), giving the scammer leverage to redirect payments, extort the original owner, or defraud subscribers directly.
How it works
Contact arrives via DM or email, impersonating either a fellow creator proposing a collaboration or a platform representative offering a partnership, verified badge, or promotional feature. The message includes a link framed as necessary to 'confirm details', 'accept the collab request', or 'verify eligibility'.
The link leads to a cloned login page — often hosted on a domain that looks almost identical to the real platform's, sometimes with a single altered character. The creator, believing they are logging into their own dashboard to proceed with the opportunity, enters their username and password, and in more sophisticated versions, is also prompted for a two-factor code, which the scammer relays in real time to the real login page.
Within minutes of credential capture, the scammer logs into the real account, changes the recovery email and password to lock the original owner out, and often changes payout details to redirect earnings before the creator can regain access or alert the platform.
Why this scam works
The collaboration pretext works because it maps onto a real, desirable, and common activity for creators — being approached for a partnership feels like an opportunity, not a threat, which lowers the scrutiny applied to a login link. Visual cloning of the login page defeats the casual glance most people use to judge a page's legitimacy; only the URL itself reveals the deception, and few people check it closely when they believe they're mid-conversation with a known contact.
Speed is also a factor: because the entire attack — link click, credential entry, account takeover — can happen within minutes, there is often no window for the creator to notice something is wrong before the damage is done.
A typical pattern
A creator receives a message from what looks like another creator or a platform partnership team, proposing a cross-promotion or collaboration. To 'set up the collab', the creator is asked to click a link and log in to what looks exactly like their platform's dashboard. The login page is a fake, and entering credentials there hands them straight to the scammer, who logs into the real account within minutes, changes the recovery email and payout details, and locks the original creator out.
Common red flags
- Collaboration proposal includes a login link rather than direct conversation
- URL is a near-identical but altered version of the real platform's domain
- Message requests a two-factor code be shared or re-entered elsewhere
- Urgency to 'confirm' or 'accept' the opportunity within a short window
- Login page looks correct but was reached via an external link, not direct navigation
- Sender cannot be verified through an independent, known channel
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
Hey, love your content — let's do a collab! Just confirm your details here: [link]
You've been selected for our creator partnership program, log in here to accept: [link]
Congrats on your growth! Click below to claim your verified badge before the offer expires.
We need to verify your account for the collab, please enter the code we just sent to complete login.
Common variations
- Fake platform partnership or verified-badge offer requiring login to 'confirm eligibility'
- Impersonated fellow creator proposing a shoutout swap with a phishing link
- Fake two-factor prompt that relays your real-time code to the scammer's login attempt
- Phishing page cloned to also request payout/banking details after login
- Follow-up 'account recovery' scam targeting creators who already lost access, offering fake help for a fee
How to verify before you act
Never log in to your platform account via a link sent in a DM or email — always navigate to the platform directly by typing the address or using a saved bookmark. Check the URL character-by-character before entering credentials anywhere, and treat any unexpected login prompt during a conversation as suspicious by default.
Verify a collaboration proposal by contacting the other creator or platform through an independently confirmed channel — their known official account or the platform's published support contact — rather than replying to the message that initiated contact.
Payment methods used
- Not a direct-payment scam — impact is account takeover and diverted earnings
Who is usually targeted
- Creators seeking collaboration opportunities
- Growing accounts attractive for takeover
- Creators unfamiliar with phishing tactics
What to do immediately
- If you entered credentials on a suspicious link, immediately try to log in and change your password on the real platform
- Contact the platform's support/security team immediately to report a suspected takeover
- Check and reverse any changes to payout details, recovery email, or two-factor settings
- Revoke active sessions/logged-in devices from your account security settings
- Alert your subscribers if the account was used to message them fraudulently
- Change passwords on any other accounts using the same password
How to prevent it
- Never click login links sent via DM or email; navigate to the platform directly
- Check the URL carefully before entering any login credentials
- Verify collaboration proposals through an independently confirmed contact channel
- Enable two-factor authentication using an authenticator app rather than SMS where possible
- Use a password manager, which will not autofill credentials on a spoofed domain
- Set up account recovery options and check them are current before you need them
Evidence to preserve
- The original message and any link sent
- Screenshots of the phishing page URL if still accessible
- Timeline of when access was lost and any changes made to the account
- Any communications from the platform's support team
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
How can I tell a phishing login page from the real one?
Check the URL character by character rather than relying on the page's visual appearance, which can be cloned exactly. The safest approach is to never follow a login link from a message at all — navigate to the platform directly instead.
What should I do if my account has already been taken over?
Contact the platform's official support or security team immediately, attempt to regain access and reverse any changes to payout or recovery settings, and warn your subscribers if the account was used to contact them.
Does two-factor authentication fully protect against this?
It significantly raises the difficulty, but sophisticated phishing pages can relay two-factor codes in real time. An authenticator app is more resistant to this than SMS codes, but the strongest protection is never entering credentials via a link from a message.