Are you a Tiktok user? This information is for you.
Cybersecurity researchers have come across a new phishing campaign targeting top content creators on TikTok. This “cheat” is intended to steal control of your account for illegal purposes.
The scam, discovered by Abnormal Security , consists of two tactics. In one, the scammers posing as TikTok employees and threatening the recipient with immediate deletion of their account. The reason they give is an alleged violation of the platform’s rules.
In the other form of scam, attackers trick TikTok users by offering a verified badge. Notably, this is very tempting as it brings with it additional credibility and increased exposure.
Appropriation or extortion of TikTokers?
According to Abnormal, regardless of the deception, scammers invite TikTokers (content creators) to click on a link to continue the process.
The link redirects them to a WhatsApp chat window, where the scammer poses as a TikTok employee. It then asks TikTokers for the details to access your account, including the one-time password (OTP). In this way, the platform’s multi-factor authentication (MFA) is bypassed.
In its report on the scam, Abnormal indicates that it has detected two peaks of activity when monitoring the distribution of emails for this campaign. One on October 2, 2021 and another on November 1, 2021.
Since investigators were able to get the scammer to seize your account, they are unclear on the ultimate goal of those responsible. Based on similar phishing campaigns on other social networks, experts believe that attackers could take control of the account to force TikTokers to pay a “ransom.” That is, give an amount of money so that they return their account.