Hackers are using TikTok in new phishing attacks as they attempt to steal people’s Microsoft Office 365 credentials, a new report from Cofense has warned.
The company’s researchers detected someone sending out phishing emails threatening victims that all of their emails will be deleted unless they press a button. What’s new about this campaign is that the button actually leads to TikTok.
To make the attack work, the attackers employ TikTok URLs. A TikTok URL usually appears in the bios of a profile that has links to external websites, the researchers explained – so therefore, the TikTok URL can redirect the visitor to whatever site the profile holder chooses.
Spotting the scam
If the phishing email recipient does not spot the trick and clicks the button in the message, they will be sent through a number of redirects, ultimately landing on a web page that looks like a Microsoft 365 login site, with the company logo and all. The malicious site even autofills the user’s email address in order to improve legitimacy.
However, since this is a fake website, controlled by the attackers, any information – including passwords – submitted there, go straight to the hackers.
The use of TikTok URLs may be novel, but the overall methodology does not differ much from what we’re used to seeing. The email still comes from a completely unrelated domain. It is still full of grammar and spelling mistakes. Finally, the URL of the landing page does not even come close to resembling a Microsoft domain.
Therefore, spotting the attack should not be too difficult – it only takes being a little mindful of the emails coming in, and not trusting everything in the inbox.
