Cybercriminals Take Aim At High-Profile TikTok Influencers

In a relatively short time TikTok has become a social network to be reckoned with. With over a billion active users on TikTok, creators who strike a chord can quickly rack up millions of followers. That makes their accounts valuable… and increasingly a tempting target for cybercriminals.

Threat researchers at Abnormal Security have been tracking a new phishing campaign that they say has taken aim at more than 125 TikTok accounts. Many belong to high-profile influencers, but corporate accounts have also been targeted.

Emails linked to the campaign generally claim to be copyright claims or offers to receive verified account status. The initial phishing emails aren’t particularly well-crafted, but as is the case with many phishing campaigns, the goal is to identify low-hanging fruit.

Victims are told to reply to the email. If they do, the attack is likely handed off to a more skilled scammer. A more convincing email reply is sent and it directs the victim to a WhatsApp chat.

The criminals then ask for the phone number and email address linked to the user’s account. Next they request a one-time login code from TikTok and tell the user to relay that code.

Once the attackers hijack the victim’s account, they can work on generating a quick profit. There are a couple of ways that could happen. One option, once an attacker has gained control of an account, is to post scam content to the massive TikTok audience.

Another is to ransom the account itself. If the attacker gains access to a user’s account, that can be as easy as changing credentials and password reset methods. If the phishing attack fails, the attacker can resort to “ban-as-a-service.” In a worst-case scenario, creators can end up losing access to their account as well as all the content they’ve uploaded.

Business Accounts Offer Criminals Other Opportunities

When it comes to corporate targets, the attackers seem to be primarily interested in social media production companies and talent management firms. Their aim may not necessarily be the accounts themselves, but rather to abuse the access those firms have to popular TikTok users.

Taking over an account with a high level of trust gives scammers an advantage when launching additional attacks. Influencers are far more likely to trust a message received from an account they recognize than from some random Gmail address, even if it is cleverly crafted to resemble a legitimate one.
