
Tenable Blog


TikTok Scams: How Popular Apps and Services Become New Havens for Scammers

As social media platforms become popular, scammers aren’t far behind. One of the more popular social media scams involving adult-dating has started to emerge on TikTok over the last six months.


Since March 2019, I’ve been tracking the activity of a number of scam accounts on the popular short-form video platform TikTok. The social media site’s user base took off after it merged with musical.ly in August 2018, topping 1 billion monthly active users (MAUs) earlier this year.

Given TikTok’s meteoric rise in popularity, it comes as no surprise that scammers would take notice. So far, these scams appear to be in their infancy. There is no WikiHow entry for how to create TikTok scams...yet. However, it’s clear the scammers are already reaping the benefits of using the platform to accomplish one or more of the following:

  1. Boosting likes and followers in order to raise the popularity of a profile.
  2. Gaming the cost-per-action networks of adult dating websites that pay for qualified leads.
  3. Taking advantage of cost-per-install networks, which offer monetary rewards to users who drive other users to install apps.

In this two-part series, we’ll explore three of the most common types of scam accounts I’ve been tracking, which involve one or more of the following categories:

  • adult-dating;
  • impersonation; and
  • increasing followers/likes. 

Here, in part one, we discuss how scammers are using fake profiles to trick unsuspecting TikTok users to sign up for adult dating websites or pay for fraudulent “premium” Snapchat accounts. In part two, we explore the tactics involved in creating imposter accounts and how these are used to increase followers and clicks, while also discussing the oldest trick in the scammer’s playbook — offering free likes and followers. We informed TikTok and Snapchat of our findings. TikTok said it is in the process of removing the accounts we identified and actively working to identify and remove others. Snapchat directed us to a support article. 

We expect these scam activities to only increase as TikTok continues to dominate the Apple App Store marketplace, remaining at the top of the App Store Downloads page for multiple quarters, while also trailing behind only Facebook properties WhatsApp and Messenger in Overall Downloads on mobile platforms.


Adult Dating Scam Accounts

“Damn your girl so fine, but her breath is like woah.”


The first type of scam accounts I’ve observed on TikTok are those promoting adult dating. These profiles feature stolen videos from sources like Instagram and Snapchat, featuring women dancing, posing in bikinis, working out or just going about their normal day-to-day lives.

For example, we were able to identify one of the adult-themed TikTok accounts using a stolen video of a swimwear model.


These profiles appear under the “For You” page, which is a page curated by a TikTok algorithm based on views and likes, though the specifics of how the algorithm works are not known. Typically, TikTok users append the hashtags #foryoupage, #foryou and #fyp as a way to try to get featured on these pages, but that doesn’t appear to be a tactic used by these scam accounts.


While these accounts could use their TikTok profile biography to promote their adult-themed dating websites, the scammers primarily use these accounts to drive users to a separate Snapchat account, which they promote in their video captions. Examples of such captions include:

  • “Waiting in my 18+ SnapChat: [username]”
  • “Urge you follow me on SnapChat: [username]”
  • “Maybe u come help me sleeping? Wait u in Snapchat: [username]”
  • “I hope you to hold me a hard k.i.ss and… Go my Snapchat: [username]”
  • “Would you come help me remove my clothes? Go Snapchat: [username]”
  • “More n.u.d.e items in my Snapchat: [username]”

In some captions, certain words contain periods between the letters, e.g. “nude” is “n.u.d.e” and “kiss” is “k.i.ss” though it’s unclear if this is an active attempt to bypass keywords that TikTok might be searching for to remove these spam accounts.
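Whatever the intent behind the dotted spellings, a filter that matches keywords literally will not see them. The following is an added example, not code from the original post or from TikTok: it normalizes separator-split words and extracts the off-platform handle from captions like those quoted above. The watchlist, separator set and function names are assumptions chosen for illustration.

```python
import re

# Assumed watchlist; the two words are the examples the article quotes.
WATCHLIST = {"nude", "kiss"}
# Separators a caption might put between letters (assumed set).
SEPARATORS = r"[.\-_*]"
# Letter runs joined by single separators, e.g. "n.u.d.e" or "k.i.ss".
SPLIT_WORD = re.compile(r"\b[a-z]+(?:" + SEPARATORS + r"[a-z]+)+\b", re.IGNORECASE)
# Off-platform redirect in the form the captions use: "Snapchat: <handle>".
REDIRECT = re.compile(r"\bsnap\s?chat\b\s*:\s*(\S+)", re.IGNORECASE)


def deobfuscate(caption):
    """Return (normalized caption, list of tokens that were collapsed)."""
    collapsed = []

    def join(match):
        token = match.group(0)
        joined = re.sub(SEPARATORS, "", token).lower()
        # Collapse only when the result is a watchlist word, so ordinary
        # dotted text such as "flirt.com" or "e.g" is left untouched.
        if joined in WATCHLIST:
            collapsed.append(token)
            return joined
        return token

    return SPLIT_WORD.sub(join, caption), collapsed


def score_caption(caption):
    """Collect the signals a reviewer would want for one caption."""
    normalized, collapsed = deobfuscate(caption)
    words = set(re.findall(r"[a-z]+", normalized.lower()))
    redirect = REDIRECT.search(normalized)
    return {
        "keywords": sorted(words & WATCHLIST),    # hits after normalization
        "obfuscated": collapsed,                  # original split spellings
        "redirect_handle": redirect.group(1) if redirect else None,
    }


if __name__ == "__main__":
    # Captions in the article's format; "[username]" is its own placeholder.
    samples = [
        "More n.u.d.e items in my Snapchat: [username]",
        "Waiting in my 18+ SnapChat: [username]",
    ]
    for text in samples:
        print(score_caption(text))
```

Keeping the original split spelling alongside the normalized keyword lets a reviewer treat the obfuscation itself as a signal, separate from the keyword hit.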

In addition to the captions, the accounts contain a variety of hashtags, from the obvious — such as #stripdance, #stripped, #tweark [sic], #topsmodels, #18plus, #18plusonly and #18pluscontent — to the more benign and often regional in nature — such as #windycity, #massachusetts, #pittsburgh, #miamibeach, #nashville, #sf, #philadelphia.

Another interesting approach undertaken by these adult dating scam accounts is their use of original sounds. TikTok users are encouraged to make videos based on existing sounds. My current assumption is that the scammers are either using sounds attached to the stolen videos, thus requiring them to create an original sound, or using original sounds to prevent the discovery of their videos via any algorithms TikTok has in place when listed under a different sound.


Based on their comments on videos posted to these fake accounts, it seems many TikTok users believe the videos are actually posted by the women themselves. Some scam accounts may follow users, but otherwise they do not appear to engage with users in a more direct way.


Based on a sampling of adult dating scam accounts I’ve encountered since March 2019, on average each account would follow 299 users, would be followed by 650 users and receive an average of 1,744 likes across their videos.


The most successful adult dating scam account I’ve been tracking received over 34,000 likes across their videos and gained over 12,300 followers.

Directing Users to Snapchat 

Using Snapchat as a vehicle to promote spam from other services/platforms is a fascinating workaround. Because Snapchat has historically operated within a walled garden, it’s a unique way to stealthily create these adult dating accounts that are only accessible to those who know their usernames or Snapcodes.

If a TikTok user moves to Snapchat to add these adult-themed Snapchat accounts, they’ll be presented with a Snapchat Story that features videos, often of the same unidentified woman, either being sexually suggestive, displaying nudity or performing sexual acts on themselves with a sticker or an emoji covering the explicit part of the video.

The stories themselves also contain a link attachment that directs users to an external page hosted on Google Sites.


The Google Sites page is gated with an “age verification” question, asking the viewer if they are 18 years old or not. Regardless of which option the user selects, they will be redirected to what is referred to as a prelander, or intermediary, page, used by scammers who sign up for adult dating affiliate programs. The page poses a series of questions to the visitor, whose answers are not used whatsoever. It is merely part of the ruse.


Once the user completes the survey, they are redirected to the real adult dating site, which offers an affiliate program to drive traffic and sign-ups. These scammers use a cost-per-action (CPA) network that provides offers to affiliates in exchange for some sort of revenue share. For instance, the CPA network will likely take 20 percent off the top of the affiliate marketer’s payout, leaving the user with 80 percent to themselves.

The adult dating website used in one of the more recent TikTok adult dating scams is flirt.com. The CPA networks advertise flirt.com affiliate leads that could earn a scammer anywhere between $1 and $3 for a qualified lead tied to a specific geographic region, a preferred age category (above 25, for example) or a new user account. However, if a single lead converts to become a paid user by adding a credit card to the account on the adult dating website, the scammer could potentially earn over $50.

Affiliate programs are great incentives for scammers to make a quick buck, and the overhead costs for creating fake accounts on apps like TikTok and Snapchat are very low, so the potential return on investment is huge.

Premium Snapchat Offer

In recent weeks, the scammers behind these accounts have begun pivoting away from affiliate programs, bypassing the need to convince a user to sign up for an adult dating website. Instead, they’re asking users to subscribe to a “premium” Snapchat account. The rise in popularity of legitimate Snapchat premium accounts is a real phenomenon in which people earn money by posting Not-Safe-For-Work (NSFW) Snaps from a more private account.


In the case of these scammers, they are offering their so-called “premium Snapchat” for $10. They ask the user to make the payment through PayPal and to take a screenshot. If users “swipe up” they’re redirected to a PayPal payment site to send the scammer the funds they’re requesting. I’ve seen a few variations of the premium Snapchat offer from these scam accounts, altering the requested payment from a minimum of $5 to a maximum of $20.

As you can imagine, the users who pay for the supposed “premium” Snapchat aren’t likely to get anything in return. Instead, the scammers move away from being a middle man, getting paid directly by their victims instead of through a CPA firm.

This concludes part one of our two-part series. In the next installment, we’ll explore the tactics used by impersonation accounts as well as those designed to take advantage of TikTok users’ desire to obtain a large number of followers or likes on their videos.
