Discovered by Abnormal Security, the scam involves two ploys. In one the scammers impersonate TikTok employees, and threaten the recipient with imminent account deletion due to an alleged violation of the platform's terms.
In the other scam, the attackers bait the TikTok users with the offer of a Verified badge, which brings with it additional credibility and increased exposure.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
Takeover or extortion?
According to Abnormal, irrespective of the bait, the scammers invite recipients to click a link to proceed further.
The link redirects them to a WhatsApp chat room, where the scammer, impersonating as a TikTok employee, asks the content creators for details to log into their account, including the one-time password (OTP) to bypass the platform’s multi-factor authentication (MFA).
In their breakdown of the scam, Abnormal notes that they’ve spotted two activity peaks while monitoring the distribution of emails in this campaign, one on October 2, 2021, and the other on November 1, 2021.
Since the researchers could get the scammer to take over their account, they are unclear as to the end goal of the scammers. Based on similar phishing campaigns on other social networking platforms, the researchers believe that the attackers could perhaps take over the account to force the owners to pay a ransom.
“Social media platforms explicitly state in their terms of service that they bear no responsibility for any data loss and advise users to store all account material externally….And so even if the ransom payment is paid, there may be no regaining access to your social media accounts—costing those who depend on it for their income to lose their entire livelihood in one swoop,” warns Abnormals’ Threat Intelligence Analyst, Rachelle Chouinard.