Researchers have recently discovered a new phishing scam aimed at stealing information from more than 125 high-profile TikTok accounts and locking their owners out. The accounts belong to influencers, brand consultants, production companies, and influencers’ managers.
How Did It Happen?
Cybersecurity experts at cloud email security provider Abnormal Security discovered the phishing campaign in which attackers attempted to take over the users’ accounts by sending emails posing as TikTok and asking them to confirm their log-in details.
While analyzing the distribution of emails in this operation, Abnormal Security specialists saw two activity peaks on October 2, 2021, and November 1, 2021, indicating that a new wave will most likely begin in a few weeks. According to them, the campaign's emails were sent to individuals all over the world.
What Were the Emails Saying?
According to Abnormal Security, in some instances, the cybercriminals pretended to be TikTok personnel, trying to intimidate the user with account deactivation threats due to a supposed violation of TikTok’s terms.
In these cases, the victim was asked to respond to the email in order to confirm the account, and the message threatened to delete the account in 48 hours if no action was taken.
A second email, purportedly sent by “TikTok officials,” notified account