TikTok is a giant of social media, with over 1 billion users. On the mini-video sharing app, creators who catch on can rack up millions of followers. That makes their accounts very lucrative — and cybercriminals are targeting them.
Researchers have reported on a new phishing campaign that has targeted more than 125 leading TikTok accounts. In the scam campaign, influencers are sent emails claiming copyright infringement or offering verified profile status.
If the influencer replies to the email, the case is likely handed over to a more advanced cybercriminal. A more professional-seeming reply is sent, directing the victim to a WhatsApp chat. The criminals then ask for the phone number and email address linked to the user’s account.
Following this, the cybercriminals will be able to hijack the account and make a profit. One route they take is to post scam content to the massive TikTok audience. Another is to ransom the account itself (creators can end up losing access to their account along with all content).
In the case of corporate targets, the attackers are also going after social media production companies — as well as talent management companies. If the influencer receives the phishing email from what seems to be one of these organizations, they will be more likely to respond, perhaps thinking that they’ve found success.
The reason these TikTok accounts are so highly prized by scammers all comes down to the value of consumer trust — accounts with a high level of trust give scammers an advantage.
In summary, stay safe out there, TikTokers! And be wary of any emails coming in from talent agencies, or on the topic of copyright infringement and profile verification. Pay attention to the email addresses: official emails are very rarely Gmail addresses.
Trend Micro ScamCheck can lend a hand when it comes to telling fact from fiction, innocent from malicious — and for keeping your details safe and secure.