IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

TikTok phishing campaign tried to scam over 125 influencer accounts

Hackers threatened to delete accounts over copyright violations

Hackers have mounted a phishing campaign intending to hijack the accounts of at least 125 influencers on the social media network.

Security researchers at Abnormal Security said the campaign, in which emails were sent in two rounds on October 2 and November 1 to more than 125 individuals and businesses, appeared to target large-volume TikTok accounts worldwide.

The victims, which included social media production studios, influencer management firms, content producers, actors, models, and magicians, were told their posts violated copyright laws and had to respond to the message or have their account deleted in 48 hours.

After replying to the first email, researchers received another email containing a shortened link titled “Confirm My Account,” which directed them to a WhatsApp chat conversation. Researchers were asked to verify the phone number and email address linked to the targeted TikTok account in that WhatsApp conversation.

Hackers pretending to be TikTok officials then asked to confirm ownership of the account by providing the six-digit code we had received. Researchers said this was one way hackers try to bypass two-factor authentication. Hackers then ended the conversation with researchers once they found out their audience engagement on TikTok was below par. 

Another email offered victims a verified badge with a link to click that would “verify” them. This also led to a WhatsApp conversation with the hackers pretending to be from TikTok.

Researchers said that while they could not identify the campaign’s goal, past targeting of social media accounts on other platforms offers several options.

Related Resource

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

2021 state of email security report: Ransomware on the rise - whitepaper from MimecastFree download

“Social media accounts have become increasingly valuable in recent years, creating the incentive to ransom them back to the original owners for a hefty fee,” said researchers.

“An underground economy has evolved to offer ban-as-a-service, manipulating abuse reporting mechanisms to harass and censor other users, primarily on Instagram.”

Researchers warned that victim accounts in this scenario often end up deleted, especially for those on TikTok.

“Social media platforms explicitly state in their terms of service that they bear no responsibility for any data loss and advise users to store all account material externally. In most instances, data from deleted accounts is not recoverable by the platform,” said researchers.

“And so even if the ransom payment is paid, there may be no regaining access to your social media accounts—costing those who depend on it for their income to lose their entire livelihood in one swoop.”

Featured Resources

Accelerating healthcare transformation through patient-centred medtech solutions

Seize the digital transformation opportunities to streamline patient care and optimise patient outcomes

Free Download

Big payoffs from big bets in AI-powered automation

Automation disruptors realise 1.5 x higher revenue growth

Free Download

Hyperscaler cloud service providers top ten

Why it's important for companies to consider hyperscaler cloud service providers, and why they matter

Free Download

Strategic app modernisation drives digital transformation

Address business needs both now and in the future

Free Download

Recommended

China-backed hackers take down Amnesty International Canada for three weeks
Security

China-backed hackers take down Amnesty International Canada for three weeks

7 Dec 2022
Microsoft: Russia increasingly timing cyber attacks with missile strikes in Ukraine
cyber warfare

Microsoft: Russia increasingly timing cyber attacks with missile strikes in Ukraine

5 Dec 2022
'CryWiper' trojan disguises as ransomware, says Kaspersky
malware

'CryWiper' trojan disguises as ransomware, says Kaspersky

2 Dec 2022
Hyundai vulnerability allowed remote hacking of locks, engine
Security

Hyundai vulnerability allowed remote hacking of locks, engine

30 Nov 2022

Most Popular

Empowering employees to truly work anywhere
Sponsored

Empowering employees to truly work anywhere

22 Nov 2022
Larger monitors aren't all they're cracked up to be
monitors

Larger monitors aren't all they're cracked up to be

3 Dec 2022
Defra's legacy software problem 'threatens' UK gov cyber security until 2030
Business strategy

Defra's legacy software problem 'threatens' UK gov cyber security until 2030

6 Dec 2022