Is this copyright-strike DM a scam?
By Bridget · Updated May 2026 · Reviewed by Locket Security Team
★ the short answer
A copyright-strike DM is almost always a scam. Real platforms notify you inside the app and through official email, not via DMs or random links with countdown timers. These messages create panic to make you click a phishing “appeal” link and enter your login. Never click — check your account status directly in the app instead.
How does the copyright-strike scam work?
You get a DM or email claiming your account violated copyright or community guidelines and will be deleted unless you “appeal” within 24–48 hours. The link leads to a convincing fake login page that captures your password and 2FA code in real time. The urgency is the whole trick — it stops you from checking.
How do I tell a real strike from a fake one?
Real notices appear inside the platform itself — your YouTube Studio dashboard, Instagram's account-status page, or TikTok's notifications — and from verified official email domains. Fakes come via DM, use off-platform links, threaten immediate deletion, and often have small grammar or branding errors. When unsure, ignore the message and open the app yourself.
What if I already entered my login on the fake page?
Act fast: from a different, clean device, change that account's password and the password of any account sharing it, sign out all active sessions to kill stolen tokens, and confirm your email and 2FA settings weren't changed. Then upgrade to an authenticator app or passkey.
Frequently asked
- Badges and names can be faked or spoofed. Verification inside a DM proves nothing. Trust only the status shown inside the official app, reached by opening it yourself rather than tapping a link.
Want a human in your corner?
Locket Security helps creators recover, lock down, and protect every account they monetize — without the enterprise jargon.
See how Locket helps ★Keep reading
How do I spot a fake brand-deal email?
Fake sponsorship offers are the leading way creators get hacked — often through a “media kit” or “contract” file that's actually malware. Here's how to spot them.
How do I recover a hacked Instagram account?
A creator's step-by-step plan to get a hacked Instagram account back — what to do in the first hour, the exact forms to file, and how to lock down everything attached to it.
How do I turn on 2FA for Instagram?
Two-factor authentication is the single biggest thing standing between a creator and an account takeover. Here's the exact path to switch it on the right way.