According to researchers from Abnormal Security, phishing emails targeting large TikTok accounts contain fake copyright warnings or offers of account verification.
Prime targets, which included social media production studios, influencer management firms, content producers, actors, models, and magicians, were notified that their posts violated copyright laws and that they had 48 hours to respond or their accounts would be removed.
After responding to the first email, researchers received another, this time with a shortened link titled “Confirm My Account,” which took them to a WhatsApp chat. In that chat, researchers were asked to confirm the phone number and email address linked with the targeted TikTok account.
Hackers posing as TikTok officials then demanded that the researchers confirm ownership of the account by entering the six-digit code they received. According to researchers, this is one method hackers use to get around two-factor authentication. After finding that the researchers' TikTok audience engagement was below par, the hackers ended the interaction.
Another email offered victims a verified badge and a link to click to “verify” their account. This also led to a WhatsApp conversation with the hackers posing as TikTok officials.
While the researchers were unable to determine the campaign’s purpose, they believe that past targeting of social media accounts on other platforms suggests several possibilities.
In recent years, social media accounts have increased in value, creating an incentive to ransom them back to their original owners for a large fee, researchers stated.
An underground industry has emerged to provide ban-as-a-service, particularly on Instagram, by exploiting abuse reporting processes to harass and censor other users.
Researchers noted that in this scenario, victim accounts are frequently terminated, particularly on TikTok.
In their terms of service, social media platforms make clear that they are not responsible for any data loss and advise users to back up all account data. According to researchers, data from deleted accounts is usually not recoverable by the platform.
Even if the ransom is paid, you may not be able to access your social media accounts again, causing people who rely on them to lose their entire livelihood in one fell swoop.
So what should you do if you think your account has been hacked? If you see the slightest sign of compromise, the first thing you should do is change your account password. If you are unable to do this, send a message describing your situation in detail by selecting “Report a problem” in the “Support” section.
TikTok is a great app for expressing yourself, sharing your life, and passing the time, but it isn’t without flaws when it comes to security. As a result, taking precautions is usually a smart idea. Educating yourself is the best safeguard you can take.