TikTok accounts under phishing attacks with lure of ‘Verified’ badge or threat of suspension and termination: Users directed to WhatsApp chat for extortion?

TikTok Phishing Attacks Scams Verified Account Badge Instagram
Phishing attacks on TikTok. Pic credit: Marco Verch/Flickr

A new phishing campaign is now increasingly targeting TikTok accounts with a high like and follower count. The attack employs manipulative emails as well as WhatsApp chats to lure victims and gain login credentials.

TikTok account holders, especially the high-profile ones, need to be extra vigilant about suspicious emails that threaten to suspend or terminate their accounts. Some emails are also promising to award a “Verified Account” badge to the TikTok Account.

Phishing attacks, peculiarly beginning at the start of each month, targeting high-profile TikTok accounts:

Researchers from Abnormal Security have observed rather strange, scheduled, phishing attacks targeting TikTok accounts. The main targets include influencers, brand consultants, production studios, and influencers’ managers. However, the primary criteria are a high follower count and a huge number of likes.

The attacks have reportedly peaked on October 2, 2021, and on November 1, 2021. Hence, researchers are cautioning TikTok users about attacks that might take place at the beginning of next month.

The attacks are surprisingly simple in execution, but based on preliminary research, are proving to be quite effective. The attackers are taking one of the two approaches: Threats and coercion or promise of a “Verified” TikTok Account badge.

In the first type of attack, threat actors impersonate TikTok employees, threatening the recipient with imminent account deletion due to an alleged violation of the platform’s terms.

In the second type of attack, attackers are sending out emails offering a ‘Verified’ badge. However, in both types of attacks, there is a link involved.

Interestingly, the link does not take the potential victim to a well-crafted but fake TikTok website. Instead, it takes them to a WhatsApp chat.

Why are Phishing Attacks so successful?

As recently reported, Instagram accounts, especially with a high follower count, are under attack. The attackers are using similar phishing techniques.

In the case of Instagram, attackers were quite possibly relying on users not being aware of how to secure or recover an account. However, in the case of TikTok, attackers are extending the attack using WhatsApp.

One of the attackers welcomes the potential victim, obviously while pretending to be a TikTok employee. The scammer engages the victim and tries to get the email ID and phone number associated with the TikTok account.

TikTok has Two-Factor Authentication enabled. However, the scammer claims they have sent a code to verify the account user. Needless to mention, handing over the code allows attackers to gain control of the account.

TikTok Phishing Attack WhatsApp Victim Chat
Pic credit: Abnormal Security via BleepingComputer

It is not immediately clear what is the “payload” or purpose of the attack. The most obvious is extortion, usually in the form of Bitcoin.

However, as seen in the Instagram case, threat actors might have ulterior motives. They might want to get the TikTok account banned from the platform.

Attackers could achieve this quite easily by posting something offensive. TikTok’s terms of service make it clear that it will permanently suspend or terminate accounts of violators.

Security researchers advise not to share any OTP (One Time Password) with anyone. Additionally, reach out to the social media helpdesk to counter-verify claims, threats, or promises.

Notify of

Inline Feedbacks
View all comments
Would love your thoughts, please comment.x

Warning: Undefined variable $posts in /home/thetechherald/public_html/wp-content/themes/generatepress_child/functions.php on line 309

Warning: Trying to access array offset on value of type null in /home/thetechherald/public_html/wp-content/themes/generatepress_child/functions.php on line 309

Warning: Attempt to read property "post_author" on null in /home/thetechherald/public_html/wp-content/themes/generatepress_child/functions.php on line 309