A new phishing campaign is now increasingly targeting TikTok accounts with a high like and follower count. The attack employs manipulative emails as well as WhatsApp chats to lure victims and gain login credentials.
TikTok account holders, especially the high-profile ones, need to be extra vigilant about suspicious emails that threaten to suspend or terminate their accounts. Some emails are also promising to award a “Verified Account” badge to the TikTok Account.
Phishing attacks, peculiarly beginning at the start of each month, targeting high-profile TikTok accounts:
Researchers from Abnormal Security have observed rather strange, scheduled, phishing attacks targeting TikTok accounts. The main targets include influencers, brand consultants, production studios, and influencers’ managers. However, the primary criteria are a high follower count and a huge number of likes.
The attacks have reportedly peaked on October 2, 2021, and on November 1, 2021. Hence, researchers are cautioning TikTok users about attacks that might take place at the beginning of next month.
Phishing Scam Aims to Hijack TikTok ‘Influencer’ Accounts as Threat actors used malicious emails to target more than 125 people with high-profile TikTok accounts in an attempt to steal info and lock them out. https://t.co/jFizX11Cbm
— Richard Bell (@richardbell__) November 17, 2021
The attacks are surprisingly simple in execution, but based on preliminary research, are proving to be quite effective. The attackers are taking one of the two approaches: Threats and coercion or promise of a “Verified” TikTok Account badge.
In the first type of attack, threat actors impersonate TikTok employees, threatening the recipient with imminent account deletion due to an alleged violation of the platform’s terms.
— Social-Engineer, LLC (@SocEngineerInc) November 17, 2021
In the second type of attack, attackers are sending out emails offering a ‘Verified’ badge. However, in both types of attacks, there is a link involved.
Interestingly, the link does not take the potential victim to a well-crafted but fake TikTok website. Instead, it takes them to a WhatsApp chat.
Why are Phishing Attacks so successful?
As recently reported, Instagram accounts, especially with a high follower count, are under attack. The attackers are using similar phishing techniques.
In the case of Instagram, attackers were quite possibly relying on users not being aware of how to secure or recover an account. However, in the case of TikTok, attackers are extending the attack using WhatsApp.
ALERT!#TikTok users need to be very careful, there is a phishing campaign sending out emails claiming to be from officials to target famous accounts. Always verify the senders email address.#cybersecurity #infosec pic.twitter.com/Z2mxVFiJBB
— RW-CERT (@RWCERT) November 17, 2021
One of the attackers welcomes the potential victim, obviously while pretending to be a TikTok employee. The scammer engages the victim and tries to get the email ID and phone number associated with the TikTok account.
TikTok has Two-Factor Authentication enabled. However, the scammer claims they have sent a code to verify the account user. Needless to mention, handing over the code allows attackers to gain control of the account.
It is not immediately clear what is the “payload” or purpose of the attack. The most obvious is extortion, usually in the form of Bitcoin.
However, as seen in the Instagram case, threat actors might have ulterior motives. They might want to get the TikTok account banned from the platform.
TikTok phishing threatens to delete influencers’ accounts https://t.co/eFG6JJ8hST
— Datenschutz Bochum – Nicht ist unmöglich. (@Bo_Datenschutz) November 17, 2021
Attackers could achieve this quite easily by posting something offensive. TikTok’s terms of service make it clear that it will permanently suspend or terminate accounts of violators.
Security researchers advise not to share any OTP (One Time Password) with anyone. Additionally, reach out to the social media helpdesk to counter-verify claims, threats, or promises.