Researchers from Abnormal Security have noticed a new phishing campaign that primarily targets TikTok accounts belonging to influencers, brand consultants, production studios, and influencer managers.
The researchers who spotted the attacks observed two peaks in the campaign's email distribution, on October 2 and November 1, so a new round will probably start in a few weeks.
In some cases seen by researchers, attackers sent emails posing as TikTok employees, threatening to delete the recipient's account for allegedly violating the platform's terms.
Another topic used in the emails is the offer of a "Verified" badge, which gives credibility and authenticity to the account. TikTok badges give weight to content published by verified accounts and signal the platform's algorithms to increase the visibility of posts from these accounts. Using this bait for phishing is very effective because many people would be thrilled to get the chance to obtain a verification badge.
In both cases, the attackers give potential victims the opportunity to verify their accounts by clicking on the link. However, they are instead redirected to a WhatsApp chat room where a scammer who pretends to be a TikTok employee is waiting for them.
The fraudster asks for their email address, phone number and the one-time code needed to bypass multi-factor authentication and reset the account password.
It is unclear what the attackers' goal is, but it may be either an attempt to take over the account or an attempt to blackmail the account holder and force them to pay a ransom in order to regain control of the account.
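The pattern described above (a TikTok-branded email with a deletion threat or badge offer whose link leads to a WhatsApp chat) can be checked mechanically during mail triage. The following Python code is an added example, not code from Abnormal Security or the original article; the WhatsApp host list, the `tiktok.com` sender domain, the keyword patterns and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: hosts commonly used for WhatsApp chat links.
WHATSAPP_HOSTS = {"wa.me", "api.whatsapp.com", "chat.whatsapp.com"}
# Assumption: sender domain treated as TikTok's own for this check.
BRAND, BRAND_DOMAIN = "tiktok", "tiktok.com"
# The two lures the article describes (keyword patterns are assumptions).
LURES = {
    "deletion_threat": re.compile(r"\b(delet|remov|violat)\w*", re.I),
    "badge_offer": re.compile(r"\bverif\w*\s+badge\b", re.I),
}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

def triage(raw_email: str) -> set[str]:
    """Return the set of campaign indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_email, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    text = f"{display} {msg.get('Subject', '')} {body}"

    hits = {name for name, rx in LURES.items() if rx.search(text)}
    if BRAND in text.lower():
        hits.add("claims_tiktok")
        # From is unauthenticated: a match proves nothing, a mismatch is a signal.
        if domain != BRAND_DOMAIN and not domain.endswith("." + BRAND_DOMAIN):
            hits.add("sender_not_tiktok")
    hosts = {(urlsplit(u).hostname or "").lower() for u in URL_RE.findall(body)}
    if hosts & WHATSAPP_HOSTS:
        hits.add("whatsapp_link")
    return hits

def is_suspect(raw_email: str) -> bool:
    # Core pattern: TikTok-branded mail that moves the victim to a WhatsApp chat.
    return {"claims_tiktok", "whatsapp_link"} <= triage(raw_email)

# Constructed sample messages (not real campaign emails).
PHISH = ("From: TikTok Support <support@tiktok-verify.example>\n"
         "Subject: Your Verified badge request\n\n"
         "You are eligible for the Verified badge: https://wa.me/10000000000\n")
BENIGN = ("From: TikTok <no-reply@tiktok.com>\n"
          "Subject: Your weekly analytics\n\n"
          "See your TikTok stats at https://www.tiktok.com/analytics\n")
```

The indicator set returned by `triage` can be logged as-is, while `is_suspect` is the stricter condition suited to quarantining a message for review.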
If you own or manage valuable social media accounts, be sure to back up your account content and data and keep it safe.
Also, protect your account with 2-step verification, preferably with a hardware security key.
If you can only use the less secure two-factor authentication option, which involves sending a code via SMS, it is recommended that you purchase a private number that you have not shared with anyone and use it only for that purpose.
Source: Informacija.rs by www.informacija.rs.