Imagine being a TikTok influencer or brand consultant who spent a lot of time and money on your profile to bring it to its current form, and TikTok suddenly threatens to shut it down. What would you do? We’ll answer that: You’ll do anything to save it. Anything!
Recently, a new phishing campaign targeted high-profile TikTok accounts. The attackers disguised themselves as TikTok employees and threatened the users with an imminent account deletion due to an alleged violation of the platform’s terms.
The campaign has been seen twice in 2 months and is expected to resurface in the upcoming days. What is this about and how are the attackers operating? We’ve explained everything in this comprehensive article.
TikTok Phishing Campaign – Scam Verified
Phishing scams and malware infections are everywhere, and they’re on the rise. A while ago, Android devices were hit by the AbstractEmu rooting malware. And now, this.
The campaign targeted high-profile influencers, brand consultants, production studios, and the managers who run influencers’ accounts.
To be exact, more than 125 individuals and businesses were targeted, the goal being to steal their credentials or lock them out of their accounts.
According to Abnormal Security’s report, the emails were sent in two rounds on October 2, 2021, and November 1, 2021. The attack consists of two scams:
Act I – Threat & You Shall Receive
The first one begins with an email sent by attackers impersonating TikTok and prompting users to verify their login information. Before any “verification” happens, the attackers play on the influencers’ fear.
The email includes a “warning” note stating that the account violated TikTok’s copyright terms and that the recipient should reply to the email in order to verify the account.
If they don’t reply within 48 hours, the account will supposedly be deactivated. That’s the fake threat, and it sets up what comes next in the article.
Act II – Verified Scam Badge
Unfortunately, it doesn’t stop with the first attempt: the phishing scam returns in yet another form. This time, the attackers promise their targets a verified badge. Who doesn’t want one of those?
The email sent to the victims is presented in the image below:
This is the second attempt, and it’s pretty convincing. Getting a verified badge is everything a TikToker could ask for, and to get that would make falling for this trick pretty easy.
Act III – Impersonate TikTok Officials
Both emails have one thing in common: they create a fake path for the victim to follow. They ask for a reply, and once the victim replies, the attackers send back a button that says “Verify My Account”.
Driven by the fear of losing the account, or by the excitement of getting verified, the target clicks the link, which opens a WhatsApp chat. There, a fake TikTok representative asks them to confirm their account. Check the initiated chat below:
As seen above, the users handed over everything the attackers needed to take over the account. It’s not clear what the attackers’ motive is, but demanding a ransom to return the account is one option.
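As an added example, not part of the original article or of Abnormal Security’s report, here is a small Python triage script that checks incoming mail for the traits this campaign shows: a “TikTok” display name on a domain that isn’t TikTok’s, a Reply-To that doesn’t match the sender, a copyright-violation or verified-badge lure, a countdown deadline, and a link that moves the conversation to WhatsApp. The sender addresses, phone number and email bodies below are constructed for the example; the real campaign’s domains aren’t given in the article, and treating only `tiktok.com` as official is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BRAND = "tiktok"
# Assumption for this example: only this domain (and its subdomains) is legitimate.
OFFICIAL_DOMAINS = ("tiktok.com",)

DEADLINE_RE = re.compile(r"\bwithin\s+\d+\s+(?:hours?|days?)\b", re.I)
LURE_RE = re.compile(r"copyright|violat|deactivat|terminat|verified badge|verification badge", re.I)
CHAT_LINK_RE = re.compile(r"https?://(?:wa\.me|api\.whatsapp\.com|chat\.whatsapp\.com)/\S*", re.I)


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an e-mail address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_official(domain: str) -> bool:
    """True when the domain is an official domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS)


def body_text(msg) -> str:
    """Collect the text/plain body of a parsed message (multipart or not)."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode("utf-8", "replace"))
    return "\n".join(chunks)


def triage(raw: str) -> list:
    """Return the list of phishing indicators found in one raw RFC 822 message."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    findings = []
    # Brand name in the sender, but the address is not on an official domain.
    if BRAND in (from_name + from_addr).lower() and not is_official(from_dom):
        findings.append(f"brand in sender but domain {from_dom!r} is not official")
    # Replies are routed somewhere other than the apparent sender.
    if reply_addr and domain_of(reply_addr) != from_dom:
        findings.append(f"Reply-To domain {domain_of(reply_addr)!r} differs from From domain")
    if LURE_RE.search(text):
        findings.append("account-violation or verified-badge lure")
    if DEADLINE_RE.search(text):
        findings.append("artificial deadline")
    if CHAT_LINK_RE.search(text):
        findings.append("link moves the conversation to WhatsApp")
    return findings


def is_suspicious(raw: str, threshold: int = 2) -> bool:
    """Flag a message once at least `threshold` indicators are present."""
    return len(triage(raw)) >= threshold


# Constructed samples mirroring the two lures described above (not real messages).
ACT1_EMAIL = """\
From: TikTok Support <support@tiktok-verification-team.example>
To: creator@example.net
Subject: Copyright violation - action required

Your account violated TikTok's copyright terms.
Reply to this email to verify your account within 48 hours
or it will be deactivated.
"""

FOLLOW_UP_EMAIL = """\
From: TikTok Verification <verify@creator-badges.example>
Reply-To: agent@another-host.example
To: creator@example.net
Subject: Your verified badge is ready

Click Verify My Account to confirm your account with our representative:
https://wa.me/15550100000
"""

LEGIT_EMAIL = """\
From: TikTok <noreply@tiktok.com>
To: creator@example.net
Subject: Your weekly creator analytics

Your analytics summary for this week is available in the app.
"""

if __name__ == "__main__":
    for label, sample in (("act 1", ACT1_EMAIL), ("follow-up", FOLLOW_UP_EMAIL), ("legit", LEGIT_EMAIL)):
        print(label, is_suspicious(sample), triage(sample))
```

The threshold of two indicators is deliberate: a single hit (a marketing email with a deadline, say) would flag far too much, while the combination of a lookalike sender and a channel switch to WhatsApp is what distinguishes this campaign.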
TikTok Phishing Scam – Empty Promises/Threats Do Have Impact
Phishing scams are taking over the online world, and you need to know how they work if you want to avoid falling victim.
The best way to protect yourself is never to click such links. Check that the email really comes from the platform’s official domain, not just a display name that says “TikTok”, and remember that no legitimate platform moves account verification into a WhatsApp chat. If you’re not sure, open the official app or website directly instead of replying, and turn on two-factor authentication so a phished password alone isn’t enough to take the account. Stay safe.