Collaffy LogoCollaffy
All guides

Guide · 7 steps

How to spot a scam DM (and what to do when one slides into your inbox)

Scam DMs outnumber real offers in most creator inboxes. Here's the seven-step screen you can run in under a minute.

Scammers learned a long time ago that creators are a high-value target: a single successful 'we'd like to send you free product, just confirm your address and a small shipping fee' nets them either a credit card number or a free item. The pitches have gotten more sophisticated since.

This guide is a seven-point screen you can run on any incoming brand DM in under sixty seconds. None of these signals are dispositive on their own — but two or three together almost always are.

  1. Check the email domain, not just the brand name.

    The single most reliable signal: does the contact's email address match the brand they claim to represent? If 'Sephora' is reaching out from `sephora.brandcollabs@gmail.com` or `sephoraofficial@mail.ru`, it's not Sephora. A real brand contact sits at `firstname.lastname@brand.com` or `partnerships@brand.com`. Run this check on every new request. A planned brand-verification flow will formalize it — sending a magic link to the corporate domain that the contact has to click from inside the brand's mail system — but until that ships, the manual check is what you have.

  2. Look for budget specificity (or its absence).

    Real brand outreach has a budget range. Scam outreach almost never does, because pinning down a number creates accountability. Watch for vague phrases like 'we offer competitive compensation', 'we'd love to discuss compensation on a call', or — the bright red flag — 'gifting only for content that would cost $5,000+ to produce.' A brand that wants to pay nothing will euphemize. A brand that means business will quote you.

  3. Read the deliverable ask carefully.

    Scam asks are often disproportionate to what's being offered. 'A two-minute YouTube integration plus three Instagram Reels plus a long-form blog post plus a Story takeover plus exclusivity for ninety days' in exchange for 'product worth $200' is not a real offer. Real outreach asks for one or two deliverables and offers actual money for them.

  4. Search for the brand outside the message.

    Open a private browser tab and search the brand name. A real brand has a web presence — a real website with real products, an active LinkedIn page, recognizable customers. A fake brand has a Shopify URL registered three weeks ago and a single Instagram account with zero engagement. If you can't find the brand without the email guiding you, that's a tell.

  5. Don't click links from cold DMs.

    If the message contains a download link, a Google Form link, a shortened URL, or a 'click to view the brief' link, treat all of them as untrusted until you've verified the brand by other means. Scam workflows often involve a fake brief on a phishing domain that captures your login or payment info. Collaffy's intake flow flips this: the brand fills in a brief on your domain, not the other way around.

  6. Watch for urgency theater.

    'We need to know by tomorrow.' 'The campaign launches in 48 hours.' 'We can only offer this rate this week.' Manufactured urgency is the oldest scam tactic; it exists to short-circuit the verification steps in this guide. A real brand with a real budget can wait three business days for you to do basic due diligence. The ones who can't, won't pay.

  7. When in doubt, decline politely and move on.

    You don't owe a debunking essay to every suspicious DM. A two-sentence decline — 'Thanks for reaching out, but we're not the right fit for this' — closes the thread without explaining why you suspect it's a scam. The cost of declining a real offer that triggered three of these signals is far lower than the cost of accepting one that turned out to be fraud.

Bottom line

Nobody catches every scam. The point of this checklist isn't perfect detection — it's making the cost of running a scam against you high enough that the next scammer moves on. Collaffy's access control (brands can't message you until you accept) and structured intake form remove a chunk of the surface area scams exploit. The planned brand-verification flow will close more of it; until that lands, this seven-step screen is what's between you and the noise.

Keep reading

Ready to put this into practice?

Claim your link