Phishing Scam Aims to Hijack TikTok ‘Influencer’ Accounts

Threat actors used malicious emails to target more than 125 people with high-profile TikTok accounts in an attempt to steal info and lock them out.

A recently discovered phishing scam tried to takeover more than 125 high-profile user accounts on TikTok. Researchers said the campaign marks one of the first major attacks on “influencers” found on the TikTok social-media platform.

Researchers at cloud email security provider Abnormal Security detected the scams that attempted to take over people’s accounts by sending emails impersonating TikTok and asking users to verify their log-in information.

The campaign, tracked on Oct. 2 and Nov. 1, was sent to individuals worldwide. Each target had large-volume TikTok accounts “of all kinds and across disparate locales,” according to a Tuesday report authored by Abnormal Security.

“Among the typical talent agencies and brand-consultant firms we would expect to see, this actor sent messages to social media production studios, influencer management firms, and content producers of all types,” Rachelle Chouinard, a threat intelligence analyst at Abnormal Security, wrote in the report.

Impersonation Game

The emails tried to dupe users into sending their log-in information to the threat actors in one of two ways, each of which

Read More: