New reports reveal that a recent phishing campaign has targeted over 125 large TikTok accounts owned by content creators and brands worldwide. According to the report, the phishing emails either warned victims that their accounts would be deleted for copyright violations or told them they were eligible for a verification badge.
Victims taken in by the email may reply to the message. The threat actors then send them a link to a WhatsApp chat, where someone posing as a TikTok representative communicates with them under the pretext of checking their accounts.
It has not yet been verified whether the targeted accounts were breached. However, the phishing campaign shows that social media giants such as TikTok can attract attacks from threat actors.
According to a security analyst's report, the latest phishing campaign targeted accounts belonging to social media production studios, talent agencies, influencer management firms, and brand consultant firms, in addition to individual account owners. While the names and brands of the affected victims were not disclosed, the report reveals that these large accounts have millions of followers.
Two batches of fraudulent emails were sent to the victims around October 2 and November 1. The emails told the victims that content they had posted violated TikTok’s copyright laws or that they were eligible for a verification badge. Responding led them to a WhatsApp chat, where they were required to “verify” the mobile number and email address linked to their accounts with a six-digit number that seemed like a 2FA code sent to the mobile numbers they provided.
The threat actors behind the campaign have not yet been identified. It is common for attacks against social media account owners to redirect victims to another messaging app, such as WhatsApp or Google Hangouts, where the fraudulent interaction takes place.
TikTok is one of the giants of the social media scene, with over a billion active users worldwide. The platform is owned by the China-based firm ByteDance, and it was announced that it had marked a 45% increase rate since July last year. TikTok content creators with massive followings earn large sums from the platform, making them prime targets for threat actors in phishing attacks.
A spokesperson for the social media giant refused to answer questions related to the incident. Nevertheless, they did warn users to be wary of these malicious campaigns as the company works to ensure everyone’s safety on the platform.