Social Media & Account Takeover

Fake 'apply for your blue tick' messages that harvest account credentials or charge fees for a badge that never arrives.

Fake copyright or community-standards notices that panic creators into handing over account credentials or paying to 'resolve' the strike.

Messages that appear to come from a trusted contact whose account has been compromised, used to request money, gift cards, or personal information.

Fake 'recovery specialists' who charge fees or steal credentials while pretending to help restore a locked or hacked account.

Fraudulent offers to enrol creators in monetisation programmes, ad revenue sharing, or brand fund access — all requiring upfront fees or credential submission.

Counterfeit brand partnership offers that harvest credentials, extract fees, or obtain personal data under the guise of a paid sponsorship deal.

Services selling artificial followers, likes, or comments that deliver bot accounts, steal credentials, or enable ongoing billing fraud.

Fake 'Sign in with [Platform]' buttons and malicious OAuth app authorisations that harvest tokens granting persistent access to your account.

Duplicate profiles built using your public photos and name to scam your contacts or tarnish your reputation.

Notices claiming your account has been suspended, directing you to external appeal pages that steal credentials or charge fees.

Fake prize notifications sent by DM that lead to credential-phishing pages or trick winners into authorising malicious apps.

Malware and malicious browser extensions that steal active session cookies, bypassing passwords and two-factor authentication entirely.

Multi-step attacks that manipulate victims into disabling or handing over their two-factor authentication to complete an account takeover.