How do I spot a fake brand-deal email?
By Bridget · Updated May 2026 · Reviewed by Locket Security Team
The short answer
Spot a fake brand-deal email by checking the sender's real domain, hovering links before clicking, and refusing to download or open any attachment or “contract” you weren't expecting. The classic creator hack is malware hidden in a fake media kit or PDF that steals your session cookies — bypassing your password and 2FA entirely.
What are the red flags of a fake brand-deal email?
Watch for a sender address that doesn't match the real company domain, urgency or pressure to act fast, requests to download a file or click a shortened link, slightly-off logos and grammar, and offers that are too generous for your size. Real brands rarely require you to open an executable or a password-protected archive.
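These checks can be run over a saved message before anyone opens it. The following is an added example, not code from this page or from Locket; the flag names, the shortener and extension lists, and the `examplebrand.test` domains are assumptions made up for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed, non-exhaustive lists chosen for this example.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "cutt.ly", "rebrand.ly"}
EXECUTABLE_EXT = (".exe", ".scr", ".bat", ".cmd", ".js", ".lnk", ".msi")
ARCHIVE_EXT = (".zip", ".rar", ".7z")
URGENCY = re.compile(r"\b(urgent|act fast|immediately|within \d+ hours)\b", re.I)

def red_flags(raw_email, brand_domain):
    """Return the sorted red flags found in one raw message."""
    msg = message_from_string(raw_email, policy=policy.default)
    flags = set()
    # Compare the From domain with the brand's real domain (subdomains allowed).
    sender = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    if sender != brand_domain and not sender.endswith("." + brand_domain):
        flags.add("sender-domain-mismatch")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg['Subject'] or ''} {body.get_content() if body else ''}"
    if URGENCY.search(text):
        flags.add("urgency-language")
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        if (urlparse(url).hostname or "").lower() in SHORTENERS:
            flags.add("shortened-link")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        # Only the final extension counts, so "kit.pdf.exe" is an executable.
        if name.endswith(EXECUTABLE_EXT):
            flags.add("executable-attachment")
        elif name.endswith(ARCHIVE_EXT):
            # Flags any archive; this sketch does not test for a password.
            flags.add("archive-attachment")
    return sorted(flags)

def constructed_sample():
    """Constructed message imitating the lure described above."""
    m = EmailMessage()
    m["From"] = "Partnerships <deals@examplebrand-collabs.test>"
    m["Subject"] = "Paid collab: reply within 24 hours"
    m.set_content("Contract: https://bit.ly/constructed-example\nAct fast.")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename="MediaKit.pdf.exe")
    return m.as_string()

if __name__ == "__main__":
    print(red_flags(constructed_sample(), "examplebrand.test"))
```

An empty result only means none of these specific checks fired; the independent verification steps still apply.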
How does a sponsorship email actually hack me?
Many creator hacks come from malware in a fake “contract,” “media kit,” or “product sample” file. Opening it installs an infostealer that grabs your browser session cookies — letting the attacker log into YouTube or Instagram as you, sidestepping your password and 2FA. That's why never opening unexpected files matters so much.
How do I vet a brand deal safely?
Verify the company independently: visit their official site and contact a known address, rather than replying to the email. Look up the employee on LinkedIn. View documents in your browser (Google Docs preview) instead of downloading. When in doubt, ask for a video call — scammers usually won't.
Frequently asked
- Not automatically. Scammers fake these too. Don't log in through a link in the email; open DocuSign or Drive yourself and check your account, or preview the file without entering any credentials.
- Disconnect from the internet, run a malware scan, change your key passwords from a different clean device, and sign out all sessions on your accounts to invalidate any stolen cookies. Then enable a passkey or security key.