Fake YouTube Copyright Scam Impersonates City of Grand Forks

A scam targeting YouTubers and other content creators is using the identity of the City of Grand Forks to make fake copyright claims look legitimate. The message is designed to create urgency, frighten the recipient into believing a formal complaint has been opened, and push them toward an external link presented as a dashboard where they can review the case. In reality, the email appears to be part of a phishing operation aimed at stealing access to YouTube channels, social media accounts, and other sensitive information.

The strongest warning sign is not the mention of copyright by itself. It is the way the message is constructed. The sender claims to work for the City of Grand Forks, references a specific video title and case number, and tries to make the situation feel official by linking to a real page on the city’s website before directing the target to an unrelated external link to “review the full details.” That is not how YouTube copyright enforcement is supposed to work. The message is built to look procedural and credible while moving the real action away from YouTube and toward a phishing destination the attacker controls.

This kind of scam is effective because it borrows authority from real institutions. A small creator may not know whether a city website is real, whether a “Content Management Analyst” is a real job title, or whether an outside dashboard might be used in a copyright dispute. The attacker only needs the email to look believable long enough for the target to click, panic, and start handing over credentials or other sensitive information.

How the Scam Works

First, the scammers send a message and frame the message as a formal copyright matter. That immediately raises the stakes for creators because YouTube copyright issues can affect monetization, takedowns, or channel standing. Second, it includes specific-looking details such as a case number, a video ID, and the exact title of the target’s video. Those details make the message look researched rather than mass-mailed.

Third, and most important, it presents an external link as the place where the recipient is supposed to review the complaint and choose a response. That is the trap.

The point of the email is not to begin a real copyright process. The point is to move the target off-platform and into an attacker-controlled workflow. Once that happens, the scammer can try to collect login credentials, channel access, social media access, recovery information, or other personal data. In some cases, these scams are also used to deliver malicious files, fake login pages, or account-connection prompts that give the attacker control without the victim realizing what was just handed over.

Why the Email Is Suspicious

The scam works by combining a real identity with a fake process. Grandforksgov.com appears to be the legitimate City of Grand Forks website. That is what makes the message more deceptive, not less. Instead of inventing a nonsense organization, the attacker appears to be impersonating a real city government presence and wrapping the scam in enough authentic-looking detail to bypass a creator’s first instinct to dismiss it.

The email also uses a page on the real city website as part of the illusion. That technique helps establish trust. A recipient may see a legitimate-looking government page and assume the rest of the message is equally legitimate. But that is not the same thing as the copyright claim being real. It is a common phishing pattern to mix real names, real pages, and real brands with the one fake link or fake step that actually matters.

Another obvious problem is the dashboard link. Real YouTube copyright removals are handled through YouTube’s own systems and legal process, not through a third-party “case dashboard” sent in an email from a city employee. If someone genuinely believes their copyright was infringed on YouTube, YouTube instructs rights holders to submit a copyright removal request through YouTube Studio or directly to YouTube by email, fax, or mail. A creator receiving a real issue should expect the process to tie back to YouTube’s own infrastructure, not an unrelated external shortcut.

The mismatch between the claimed authority and the requested action is exactly what gives the scam away. The attacker wants the victim to focus on the threat of copyright trouble, not the fact that they are being redirected into an off-platform workflow that should not exist.

Who This Scam Appears to Target

This type of message is well suited to creators because creators are easy to pressure with copyright language. A YouTuber who sees “Response Needed” and “Copyright Claim” in the subject line may click before thinking. Many creators know just enough about copyright enforcement to be afraid of it, but not enough to immediately recognize the formal process. That gap is where the attacker operates.

The scam can work especially well against:

• YouTubers and livestreamers
• Gaming channels
• Music and clip channels
• Influencers managing multiple social accounts
• Creators who delegate editing, uploads, or account access

The reason is simple. These people often have something valuable tied to their account. A hijacked YouTube channel can be sold, used for crypto scams, redirected to malware campaigns, or leveraged to attack the creator’s wider brand footprint. Social media access is not just an inconvenience. It can be monetized quickly by attackers.

What the Attackers Likely Want

A fake copyright dashboard can be used in several ways. The most direct is credential theft. The victim clicks through, sees a page dressed up as a complaint portal or login flow, and signs into what they think is a review system. In reality, they may be typing their Google credentials, recovery details, or authentication information straight into a phishing page.

A second possibility is account-connection abuse. Some scams do not ask for your main password immediately. Instead, they ask you to “log in with Google,” “review the case,” or “authorize access” to view complaint materials. That can still hand the attacker what they need.

A third possibility is malware delivery. A victim may be told to download supporting case documents, evidence, or a notice package. That download may be a malicious file instead.

Once a creator account is compromised, the damage can spread fast. Attackers often change recovery settings, remove the real owner, pivot into connected channels, or use linked email and social media accounts to deepen control.

Why Copyright Scams Keep Working on Creators

Creators are used to operating in an environment where real policy enforcement and fake enforcement often look similar at first glance.

Platforms send automated emails. Rights holders use legal language. Case numbers appear in official notices. Videos do get flagged. Channels do get suspended. Because the real system is stressful and often opaque, scammers can imitate its tone without having to make the message perfect.

That is why scams like this do not need to sound polished. They only need to sound serious. A creator who feels they might lose a channel, strike a video, or damage a monetized account is already under pressure. The scammer benefits from that pressure.

The use of a government identity adds another layer. Most people do not expect a city website to be involved in a phishing operation, even indirectly through impersonation. That borrowed legitimacy helps the message punch above the quality of its writing.

What Creators Should Do Instead

If you receive a message like this, do not click the dashboard link. Do not log in through it. Do not download any supposed evidence or complaint materials from it.

Instead:

• Check YouTube Studio directly for any real copyright issues
• Review your official Google and YouTube account notifications
• Search the sender and message independently rather than trusting the email’s links
• Report the email as phishing or spam
• Warn team members who may also have access to your accounts

If you already clicked the link, the response should be immediate. Change your Google password, review active sessions, remove unfamiliar devices, check recovery options, rotate passwords on connected social accounts, and review any third-party app access tied to the account. If you entered credentials or approved any prompt, assume the attacker may already be trying to use them.

If you downloaded anything from the link or from a related follow-up message, scan the device with a trusted security tool such as Malwarebytes and review startup items, browser extensions, and recent installs carefully.

Why This Scam Matters Beyond One Email

This is not just a nuisance email problem. It shows how scammers are adapting to the creator economy.

A YouTube channel is an asset. So is a TikTok account, an Instagram page, a Discord server, or the email account that controls them all. Attackers understand that creators often run small media businesses on top of consumer-grade account security and constant incoming messages. That makes them attractive targets.

The scam also highlights a broader problem with trust online. A real city website can be used as part of a fake narrative. A real-sounding copyright issue can be used to push people into fake workflows. A creator may think they are acting responsibly by responding quickly, when in fact the speed of that response is exactly what the attacker is counting on.

Anyone creating content professionally or semi-professionally should treat off-platform copyright notices with skepticism unless they can be verified through the platform itself. The safest assumption is not that every legal-sounding message is fake. It is that every urgent message demanding off-platform action deserves to be verified before anything is clicked.

For continued coverage of scams, phishing attacks, and account-security threats affecting creators, the larger lesson is straightforward. Attackers do not need to invent believable stories from scratch anymore. They can borrow authority from real institutions, real platforms, and real enforcement language, then use one malicious step to turn that trust into account theft.