Fake Twitch Partner/Affiliate monetization-review lure — "your Twitch Partner application is under review / Affiliate payout on hold / creator dashboard re-authentication required, verify within N hours" + credential-harvesting link to a non-twitch.tv host impersonating the Twitch creator dashboard. Targets ~9M active streamers. Blast radius: payout redirection, channel takeover (fake endorsements / crypto scams posted to the streamer's subscriber base), subscriber PII + brand-deal inbox access. The 2021 Twitch 125GB breach pre-identified streamer emails for ongoing campaigns. Distinct from fake-twitch-turbo-prime-gaming-subscription-billing-phish (consumer viewers). Evidence: 2021 Twitch breach, Proofpoint 2022-2024 streamer-phishing telemetry, r/Twitch megathread advisories

Twitch streamer-targeted monetization-review credential phishing. Twitch's Affiliate (low-bar) and Partner (higher-bar) monetization programs are the gateway through which roughly 9 million active streamers earn subscription + bits + ad revenue. Both programs have legitimate application / review / tax-documentation flows that generate regular emails from Twitch. Attackers exploit that normalized traffic with fake "application under review — verify identity within 48 hours," "payout on hold pending tax re-verification," "creator dashboard re-authentication required," "Partner status at risk." The link drives to a typosquat host (twitch-partner-review.example, twitch-creator-verify.example, twitch-streamer-reauth.example) that presents a pixel-perfect fake Twitch creator-dashboard sign-in. Once credentials are harvested the blast radius is severe: (1) payout redirection — attacker changes the linked bank / PayPal to redirect the next subscription payout, which for mid-tier streamers is thousands of dollars per month (Partner payouts happen monthly via ACH / PayPal); (2) channel takeover — attacker posts fake endorsements or crypto scams to the streamer's existing subscriber base using the legitimate account identity (documented case: multiple Partners in 2021-2024 had their channels used to broadcast crypto-scam streams before the owner could regain control); (3) subscriber PII exposure — viewer lists, chat logs, subscriber emails all visible in the creator dashboard; (4) brand-deal hijack — many Partners have direct-message sponsor relationships visible in their Twitch inbox, which the attacker can impersonate to redirect sponsor payments. The 2021 Twitch 125GB breach leaked partial creator-payout data which created a pre-verified streamer email list that has been phished continuously since. Distinct from `fake-twitch-turbo-prime-gaming-subscription-billing-phish` (iter ~946, consumer-side Turbo / Prime Gaming subscription billing — completely different target population: viewers, not streamers) and from `fake-patreon-substack-creator-payout-phish` (different platforms, different credential flow). Legitimate Twitch communications come exclusively from `twitch.tv`, `email.twitch.tv`, `twitch.com`, `amazon.com`, or `primegaming.amazon.com`. Warning signs: any monetization-review email whose sign-in link is hosted elsewhere. Twitch itself publishes multiple phishing advisories annually specifically warning creators about these lures. Defense: always open your creator dashboard directly from the Twitch app or a bookmarked `dashboard.twitch.tv` URL — never via an email link. If you're a Partner, enable hardware-backed 2FA (FIDO2 security key) on your Twitch account and consider setting up payout-change-delay with Twitch support to require 2nd-channel approval for any payout-bank changes.