High risk · Social Media Scams

YouTube Creator Scam

The YouTube creator scam targets channel owners with what looks like a brand sponsorship offer. The email or direct message proposes a paid partnership, then asks you to download a 'contract', 'media kit' or piece of software to review. The file is actually an info-stealer that can grab your saved passwords and session cookies, letting attackers take over your channel and bypass two-factor authentication. Verifying sponsors carefully and never downloading unknown files are the key defences.

Quick verdict

Risk level: High risk
Scam type: Malware sponsorship scam
Main red flag: A sponsorship offer that requires you to download and run a file, such as a contract, demo or software, before any real discussion.
What to do first: Do not download or open the file. Independently verify the brand by contacting it through its official website, not the details in the message.

What this scam usually looks like

Example message pattern

Example pattern — not a real report
Example pattern: 'Hi! We love your content and want to sponsor your channel for a 4-figure fee. Please download and review our partnership contract and brand assets in the attached archive, then run our preview tool to see the campaign. Sign within 24 hours to secure the slot: [suspicious link]'

This is a fictional, anonymised example used to illustrate the pattern. It is not a verified real message, and any names are used only to show how the scam typically reads.

Red flags to watch for

  • An unexpected sponsorship offer that quickly pushes you to download a file, archive or 'preview tool'.
  • Files sent as password-protected archives (to slip past virus scanning) or unusual types like .exe, .scr or .iso.
  • Generous fees offered upfront with little interest in your audience, rates or content fit.
  • Pressure to act within hours or to sign immediately to 'secure the slot'.
  • Sender addresses or social accounts that imitate a real brand but use odd domains, misspellings or free email providers.
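For creators or channel managers who triage sponsorship mail, the red flags above can be checked mechanically. This is an added example, not part of the original page: the function names, the free-mail list, the urgency phrases and the sample message are assumptions made for illustration, and the attachment is inspected without ever being opened or run.

```python
import io
import re
import zipfile

RISKY_EXT = (".exe", ".scr", ".iso")                 # file types named on this page
FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed short sample list
URGENCY = re.compile(r"within \d+ hours|sign immediately|secure the slot", re.I)

def inspect_zip(data):
    """Return (encrypted, member_names) for a ZIP, or None if data is not a ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
    except zipfile.BadZipFile:
        return None
    # Bit 0 of the general-purpose flags marks an encrypted member.
    return any(i.flag_bits & 0x1 for i in infos), [i.filename for i in infos]

def red_flags(sender, brand_domain, body, attachments):
    """List the page's red flags found in one message; attachments = [(name, bytes)]."""
    flags = []
    domain = sender.rsplit("@", 1)[-1].lower()
    if domain in FREE_MAIL:
        flags.append("free email provider")
    elif domain != brand_domain and not domain.endswith("." + brand_domain):
        flags.append("sender domain does not match brand")
    if URGENCY.search(body):
        flags.append("urgent deadline")
    for name, data in attachments:
        if name.lower().endswith(RISKY_EXT):   # also catches 'contract.pdf.scr'
            flags.append(f"risky file type: {name}")
        zip_info = inspect_zip(data)
        if zip_info:
            encrypted, members = zip_info
            if encrypted:
                flags.append(f"password-protected archive: {name}")
            flags += [f"risky file inside archive: {m}" for m in members
                      if m.lower().endswith(RISKY_EXT)]
    return flags

def sample_message():
    """Constructed sample: a ZIP holding a harmless text file named like a tool."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("preview_tool.exe", "constructed placeholder, not a program")
    return ("deals@brand-partners.example", "brand.example",
            "Sign within 24 hours to secure the slot", [("assets.zip", buf.getvalue())])

if __name__ == "__main__":
    print(red_flags(*sample_message()))
```

An empty result means only that none of these specific patterns matched; the brand still needs to be verified through its official website.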

What to do

  • Treat any request to download and run a file as a serious warning sign and pause before doing anything.
  • Verify the brand independently by visiting its official website and contacting its marketing team through listed channels.
  • Ask to view contracts and media kits in your browser, for example as a standard online document, rather than downloading executables.
  • Keep your browser, system and security software updated, and store channel passwords in a reputable password manager.

If you already clicked or replied

  • Disconnect the device from the internet immediately to limit any data being stolen or sent out.
  • From a separate, trusted device, change your Google and YouTube passwords and sign out of all sessions.
  • Revoke active sessions and connected apps in your Google security settings, and re-confirm two-factor authentication and recovery details.
  • Run a full malware scan, and if you cannot fully clean the device, seek help from a trusted IT professional and contact YouTube support.

What not to do

  • Do not download or run contracts, demos or 'tools' sent by a sponsor you have not verified.
  • Do not rely on two-factor authentication alone, as info-stealers can capture session cookies that bypass it.
  • Do not reuse your channel password elsewhere or store it in plain text where malware could read it.

Frequently asked questions

How can a contract file take over my channel?
The file is often not a real contract but malware. Once run, an info-stealer can copy saved passwords and active session cookies from your browser, which may let an attacker access your channel without needing your password or two-factor code.

Are sponsorship offers ever genuine?
Yes, real brand deals exist. The difference is that legitimate sponsors are usually happy to verify themselves, discuss your audience and rates, and share documents through normal online tools rather than insisting you download and run software.

I have two-factor authentication on. Am I protected?
Two-factor authentication helps, but it is not foolproof here. Some malware steals the session cookie that proves you are already logged in, which can bypass the second step. That is why avoiding the download in the first place matters so much.

How do I verify a brand before replying?
Look up the brand's official website and contact its marketing or partnerships team directly. Check that the sender's email domain matches the real company, and be wary of free email addresses, misspelt domains and urgent deadlines.

Last reviewed: June 2026

Disclaimer: This page provides educational information only to help you recognise common scam patterns. It is not legal, financial, cybersecurity, or law enforcement advice, and it does not confirm whether any specific message, company, or person is genuine or fraudulent. When in doubt, contact the official organisation directly and report concerns to your local authorities.