Cybersecurity researchers have come across a new phishing campaign targeting top content creators on TikTok to gain control of their accounts for nefarious purposes.
Discovered by Abnormal Security, the scam involves two stratagems. In one, the criminals pose as TikTok employees and threaten the recipient with imminent account deletion due to an alleged violation of the platform's terms.
In the other scam, attackers lure TikTok users with the offer of a verified badge, which provides additional credibility and increased exposure.
Acquisition or extortion?
According to Abnormal, Whatever the Hook, scammers invite recipients to click on a link to continue.
The link redirects them to a WhatsApp chat room, where the scammer, posing as a TikTok employee, asks content creators for details to log into their account, including the one-time password (OTP) to avoid Platform Multi-Factor Authentication (MFA). .
In their analysis of the scam, Abnormal notes that they detected two spikes in activity while monitoring email delivery in this campaign, one on October 2, 2021, and the other on November 1, 2021.
Since the investigators could get the scammer to take over your account, they aren't sure what the scammers' end goal is. Based on similar phishing campaigns on other social media platforms, researchers believe attackers could possibly seize the account to force the owners to pay a ransom.
“Social media platforms explicitly state in their terms of service that they are not responsible for any data loss and advise users to store all account material abroad…. And therefore, even if the ransom payment is paid, access to your social network may not be regained. media accounts, what it costs those who depend on them for their income to lose their entire livelihood at once, ”warns Rachelle Chouinard, Threat Intelligence analyst at Abnormals.
Make sure you stay safe online with these best identity theft protection services, and use these best security keys to add another layer to protecting your accounts.