Cybercriminals apparently took a TikTok prank, put a little twist on it, and are now actively using it to steal money from victims.
For some time now, TikTokers have shared a prank in which they call one of their friends through an autoresponder, whose voice is generated by an online translator.
They would then tell that friend that they are representatives of a major retail brand and ask them to confirm a major purchase (which, of course, never happened). Once the person being pranked tries to "cancel" the order, the answering machine confirms it, as if it had misheard. At that point, whatever the person who was pranked says, the machine would respond as if confirming the purchase.
Adopting a joke
While on TikTok it's nothing more than a harmless joke, elsewhere cybercriminals are actually scamming people out of their money, according to Kaspersky. The process is simple: they send the victim an email claiming that the victim has made a large purchase (usually over €2000) that needs to be confirmed or cancelled.
The email would also share a phone number that the victim can call to "confirm" their identity and cancel the order. Those gullible enough to call “customer support” usually end up sharing sensitive payment details with the attackers and have their accounts deleted as a result.
During the phone call, the attackers also try to intimidate the victims, creating a false sense of urgency and putting pressure on them to give in.
In the three months to July, Kaspersky detected around 350,000 such emails, compared to 100,000 in June alone.
Cybercriminals are using phone lines as attack vectors a bit more lately, mainly because email protection services do a good job of filtering emails with phishing links and virus-containing attachments or ransomware.
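Because these messages carry no link or attachment for a scanner to inspect, a mail filter has to look at the text itself. The sketch below is an added example, not code from Kaspersky or the article: it flags an email for review when it shows all four traits described above. The regular expressions, the 1000 threshold and the sample messages are assumptions constructed for illustration.

```python
import re

# Signals taken from the article: a claimed large purchase, a phone number to
# call, confirm/cancel wording, and nothing for a link or attachment scanner.
# The regexes and the 1000 threshold are assumptions for illustration.
URL_RE = re.compile(r"https?://|www\.", re.I)
PHONE_RE = re.compile(r"(?<![\w.,])\+?\d[\d\s().-]{7,}\d(?!\w)")
AMOUNT_RE = re.compile(r"[€$£]\s?(\d[\d.,]*)|(\d[\d.,]*)\s?(?:€|EUR\b|USD\b)", re.I)
ACTION_RE = re.compile(r"\b(?:cancel|confirm)\w*", re.I)

def parse_amount(raw):
    """'2,499.00' or '2.350,00' -> whole currency units as an int."""
    s = re.sub(r"[.,]\d{2}$", "", raw.rstrip(".,"))
    return int(re.sub(r"[.,]", "", s))

def find_phones(text):
    """Phone-like runs with 9+ digits, so dates such as 2022-07-15 drop out."""
    return [m.group() for m in PHONE_RE.finditer(text)
            if sum(c.isdigit() for c in m.group()) >= 9]

def callback_signals(subject, body, has_attachment=False, min_amount=1000):
    text = f"{subject}\n{body}"
    amounts = [parse_amount(a or b) for a, b in AMOUNT_RE.findall(text)]
    return {
        "large_amount": any(v >= min_amount for v in amounts),
        "phone_number": bool(find_phones(text)),
        "confirm_or_cancel": bool(ACTION_RE.search(text)),
        "no_link_or_attachment": not URL_RE.search(text) and not has_attachment,
    }

def needs_review(subject, body, has_attachment=False):
    """True only when every signal is present; a hit is a reason to look, not a verdict."""
    return all(callback_signals(subject, body, has_attachment).values())

# Constructed sample messages (subject, body); not real emails.
SCAM = ("Your order is confirmed",
        "Your card was charged €2,499.00 on 2022-07-15. If you did not place "
        "this order, call +1 (555) 010-0199 within 24 hours to cancel.")
LEGIT = ("Your receipt",
         "You paid €2,499.00. View your order at https://shop.example/orders "
         "or call 0800 123 4567 to cancel.")
NEWSLETTER = ("Store news",
              "Our opening hours changed. Call +1 (555) 010-0142 with questions.")

if __name__ == "__main__":
    for name, msg in (("scam", SCAM), ("legit", LEGIT), ("newsletter", NEWSLETTER)):
        print(name, needs_review(*msg), callback_signals(*msg))
```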