Security researchers have identified a new phishing campaign targeting content creators on TikTok, apparently aimed at taking over high-value accounts and then extorting their owners.
Not all phishing campaigns spray a large number of people in the hope of catching a few victims. Depending on what the criminals want, they sometimes take a much more targeted approach. In this case, the goal is to take over specific TikTok accounts.
Some people assume that a social media or creator account has no real value, but that is not the case. Such accounts often hold private material like photos, and their owners have invested a lot of work in building a following and a body of content. Losing access to an account like that can be reason enough for some people to pay a ransom.
The researchers identified two separate waves of emails, sent on Oct. 2 and Nov. 1, to 125 individuals and businesses that run TikTok accounts with large followings. As in other phishing campaigns, the recipients are pressured with a sense of urgency, in this case the threat of account deletion.
“In the original phishing email, designed to appear like a copyright violation notice from TikTok, the victim was instructed to respond to the message, lest their account be deleted in 48 hours,” say the researchers from Abnormal Security.
If the victim replies to the email, the attacker sends a second message containing a link that opens a WhatsApp conversation. There, the criminal asks for the email address and phone number tied to the account, supposedly to verify it. With those details, the attacker starts a login to the victim's account, which makes TikTok send a six-digit SMS verification code to the victim's phone. The attacker then claims that code is needed to complete the verification. If the victim hands it over, the attacker completes the login and takes over the account; the "verification" is simply the victim relaying their own two-factor code to the person who requested it.
If the account seems valuable enough, the criminals will then demand a ransom. If not, they claim the six-digit code did not work and stop responding.
Never share a password or a one-time verification code with anyone who contacts you, whatever channel they use; a code sent to your phone is meant only for you to type into the site or app that sent it. Neither Facebook, TikTok, YouTube nor any other major platform will ask for such a code, move account verification to a chat app like WhatsApp, or threaten deletion unless you reply to an email.