Cybersecurity researchers have discovered a new phishing campaign preying on high-profile individuals on TikTok.
According to a report by TechRadar, Abnormal Security uncovered the scam, which relies on two lures. In the first, the con artists impersonate TikTok employees and threaten the victim with impending account deletion over an alleged violation of the online platform’s terms.
In the second, the attackers bait TikTok users with the offer of a Verified Badge, which would give the user increased exposure in the app and additional credibility.
According to Abnormal, the scammers invite users to click a link to proceed further, regardless of which bait is used.
The link takes users to a WhatsApp chat room, where a scammer posing as a TikTok employee requests information from the content creators, including the one-time password (OTP) the scammer needs to bypass the platform’s multi-factor authentication (MFA).
Abnormal also said it spotted two activity peaks while monitoring the distribution of the campaign’s emails: the first on October 2 and the other on November 1 of this year.
Researchers are still unclear about the scammers’ end goal once they take over a TikTok user’s account.
However, based on similar phishing campaigns on other social networking platforms, researchers believe the attackers could be taking over accounts to force their owners to pay a ransom.
Threat intelligence analyst Rachelle Chouinard explained that social media platforms such as TikTok state in their terms of service that they are not liable for any data loss, and even advise their users to store all account materials externally.
“And so even if the ransom payment is paid, there may be no regaining access to your social media accounts—costing those who depend on it for their income to lose their entire livelihood in one swoop,” she added.
Social media accounts are becoming more valuable, as they also bring incentives once users reach a certain number of followers and become influencers.
This is why scammers are targeting these high-profile accounts on TikTok: they know that their victims will want their accounts back and will be willing to pay a hefty fee for them.