Tiktok Phishing Campaign

Recently, on October 2, 2021, and November 1, 2021 one media outlet reported the news. Some bad actors conducted a rather large phishing campaign. According to a report it seemed like they primarily decided to target accounts with rather large audiences coverage. Scammers pretended to be from the Tiktok team. And attackers wrote in those emails that either they needed to verify the account to give a badge. Or they said that the presuposed account violates the copyright policy of the platform. More than 125 individuals and businesses received such fake Tiktok emails.

Phishers impersonated Tiktok this time

Phishers specifically targeted brand-consultant firms, talent agencies, influencer management firms and social media production studios. They were those from whom the phishers could have high chances of gaining some benefit. Emails were sent also to content producers of all types. It seemed they reached everyone starting from models, magicians and individual actors, they were going globally suffice to say. Obviously many of those affected emails were directly scraped out from the accounts themselves.

Tiktok Phishing Campaign
One of the emails scammers sent their victims

Cyber security specialists say that the possible reason for such even two waves of attacks on social platform users may lie in an actual profit from aforesaid actions. Since major social giants put the monetization for creators on their platforms the bad actors instantly flock to find their targets and profit from them. The clear purposes of the aforementioned emails were not identified though.

Social media platforms became quite the profitable thing in recent years

Even such a notion as ban-as-a-service evolved in the underworld economy. Sadly when someone falls victim to this and especially on Tiktok the data and most important valuable content in most cases is hard to recover. Even if the ransom would be paid the possibility to gain control of the attacked account falls to minimum.

In most cases scammers try to impersonate mostly very well known and with high customer trust levels brands. Cyber security specialists at Checkpoint specifically conducted research on phishing. The results showed that Microsoft accounted for 29 percent of all global phishing attacks between July and September this year. Amazon and Google received 13 percent and six percent of all phishing attacks over the three-month period.

“Any customer that receives a questionable email, call, or text from a person impersonating an Amazon employee should report them to Amazon customer service. Amazon investigates these complaints and uses them to protect customers and hold the bad actors accountable.” An Amazon spokesperson told The Sun.

Attackers try their best to trick people into giving out their credentials. The best way is to make the email look legitimate, creating an urgent need to do something and right to it the quickest solution in a form of fraudulent link. One of the countersteps cyber security specialists advise is to always first check the URL of a site if it matches with a legitimate website.

About Andy

Cybersecurity journalist from Montreal, Canada. Studied communication sciences at Universite de Montreal. I was not sure if a journalist job is what I want to do in my life, but in conjunction with technical sciences, it is exactly what I like to do. My job is to catch the most current trends in the cybersecurity world and help people to deal with malware they have on their PCs.

Check Also

Attackers usually don`t brut-force long passwords

Attackers usually don`t brute-force long passwords

Microsoft’s network of honeypot servers data showed that very few attacks targeted long and complex …

Another Windows zero day allows for admin privileges

Another Windows zero day allows for admin privileges

Researcher Abdelhamid Naceri who often reports on Windows bugs this time dropped a working proof-of-concept …

Leave a Reply