Phishing Scam Aims to Hijack TikTok ‘Influencer’ Accounts

A recently discovered phishing scam tried to take over more than 125 high-profile user accounts on TikTok. Researchers said the campaign marks one of the first major attacks on “influencers” found on the TikTok social-media platform.

Researchers at cloud email security provider Abnormal Security detected the scams, which attempted to take over people’s accounts by sending emails impersonating TikTok and asking users to verify their log-in information.

The campaign, tracked on Oct. 2 and Nov. 1, was sent to individuals worldwide. Each target had large-volume TikTok accounts “of all kinds and across disparate locales,” according to a Tuesday report authored by Abnormal Security.

“Among the typical talent agencies and brand-consultant firms we would expect to see, this actor sent messages to social media production studios, influencer management firms, and content producers of all types,” Rachelle Chouinard, a threat intelligence analyst at Abnormal Security, wrote in the report.

Impersonation Game

The emails tried to dupe users into sending their log-in information to the threat actors in one of two ways, each of which required further action from the target. In both cases, attackers pretended to be contacting users from TikTok, which is owned by Chinese company ByteDance.

One of the emails sent in the campaign informed the user that his or her account violated TikTok’s copyright and asked the user to reply to the email to verify the account, threatening to remove the account in…