TLDR
Scammers are targeting Chrome extension publishers with convincing fake "copyright removal" notices claiming the extension will be deleted from the Chrome Web Store in 48 hours. The phishing page is hosted on a non Google domain but uses...
How it works
Scammers are targeting Chrome extension publishers with convincing fake "copyright removal" notices claiming the extension will be deleted from the Chrome Web Store in 48 hours. The phishing page is hosted on a non Google domain but uses...
Red flags
- Threat arrives on a third party domain (e.g. dmca chrome extensions[.]click ), not in your real Chrome Web Store Developer Dashboard. The "Google sign in window" cannot be dragged outside the browser and disappears if you minimize it real browser dialogs behave differently. High pressure countdown, fake complaint number, and demand to sign in within 48 hours to "appeal"
What to do
- 1Verify any takedown notice only inside the
Source
malwarebytes
Source reviewed by Mythos Forensic Team
https://www.malwarebytes.com/blog/threat-intel/2026/06/these-convincing-copyright-notices-are-designed-to-steal-google-loginsFAQ
Is Fake Chrome Web Store copyright takedown notices steal Google developer logins a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
Threat arrives on a third party domain (e.g. dmca chrome extensions[.]click ), not in your real Chrome Web Store Developer Dashboard. The "Google sign in window" cannot be dragged outside the browser and disappears if you minimize it real browser dialogs behave differently. High pressure countdown, fake complaint number, and demand to sign in within 48 hours to "appeal"
What should I do first?
Verify any takedown notice only inside the
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.