Researchers from Abnormal Security uncovered a phishing scam aimed at hijacking at least 125 TikTok ‘Influencer’ accounts.
The original phishing email used a TikTok copyright violation notice as a lure; the messages instructed the victims to respond to the message to avoid the deletion of their accounts in 48 hours.
“An email campaign sent in two rounds on October 2, 2021, and November 1, 2021 to more than 125 individuals and businesses appeared to target large-volume TikTok accounts of all kinds and across disparate locales. Among the typical talent agencies and brand-consultant firms we would expect to see, this actor sent messages to social media production studios, influencer management firms, and content producers of all types.” reads the report published by Abnormal Security.
Once the victim replied to the phishing message, the attacker, impersonating “TikTok officials,” responded via email with a shortened link titled “Confirm My Account.” The link directed the recipient to a WhatsApp chat conversation. Operators engaged in the WhatsApp conversation asked the victims to verify the phone number and email address linked to the targeted TikTok account.
Then, the threat actor asked the victims to confirm the ownership of the account by providing the six-digit code they had received. Using this trick, threat actors were able to bypass multi-factor authentication.
Another campaign targeting TikTok influencers used an email claiming to be sent by “TikTok officials” that informed account holders that the account was eligible for a “verified badge” and asked them to reply to the email to verify the account.
“While we were unable to identify the end goal of the campaign, past targeting of social media accounts on other platforms offers several options. Social media accounts have become increasingly valuable in recent years, creating the incentive to ransom them back to the original owners for a hefty fee. An underground economy has evolved to offer ban-as-a-service, manipulating abuse reporting mechanisms to harass and censor other users, primarily on Instagram.” concludes the report.
(SecurityAffairs – hacking, phishing)