Hackers are using TikTok in new phishing attacks as they try to steal people's Microsoft Office 365 credentials, a new report from Cofense has warned.
The company's researchers found phishing emails warning recipients that all their messages would be deleted unless they clicked a button in the email. What is new about this campaign is where that button leads: to a TikTok URL.
The link points to a TikTok profile. TikTok lets a profile owner place a link to an external website in the profile bio, and because the attackers control the profile, a URL on the well-known tiktok.com domain becomes, in effect, a redirect to any site they choose, the researchers explained.
Detecting the scam
If the recipient misses the trick and clicks the button, they are sent through a series of redirects and eventually land on a page that imitates the Microsoft 365 login site, complete with the Microsoft logo. The fake page even pre-fills the user's email address so that the form looks more legitimate.
Since the page is controlled by the attackers, anything typed into it, including the password, goes straight to them.
The use of TikTok URLs may be novel, but the rest of the methodology is familiar. The email still comes from a domain that has nothing to do with Microsoft. It is still full of grammatical and spelling errors. And the landing page URL still does not look anything like a Microsoft domain. The one thing the TikTok hop buys the attackers is a reputable domain in the first link, so the first hop alone is not a reliable signal either way; what matters is where the chain ends.
Detecting the attack therefore shouldn't be too difficult for anyone who pays a little attention: check the sender's domain, hover over the button to see where it actually points, and look at the address bar before entering a password. A login page that already knows your email address is not proof that it belongs to Microsoft.
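The checks above, turned into a small triage script that runs over a constructed email. This is an added example, not code from Cofense or from the article: the sample message, the redirect table that stands in for live HTTP redirects, the short allowlist of Microsoft sign-in hosts, and the assumption that the victim's address is carried in the URL as plain text or base64 are all assumptions made for the illustration.

```python
import base64
import re
from urllib.parse import urlparse, parse_qs

# Hosts that legitimately serve Microsoft 365 sign-in pages. Assumed, deliberately
# small allowlist for this example; use an organisation-maintained list in practice.
MICROSOFT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}

# Hosts where a profile owner controls where the link goes. tiktok.com is the case
# the article describes; the subdomains listed are assumptions.
REDIRECTOR_HOSTS = {"tiktok.com", "www.tiktok.com", "vm.tiktok.com"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def hostname(url):
    return (urlparse(url).hostname or "").lower()


def follow_redirects(url, redirect_table, max_hops=10):
    """Walk a redirect chain. redirect_table maps a URL to the Location it
    redirects to; offline it stands in for the 3xx responses a fetch would see."""
    chain = [url]
    while url in redirect_table:
        if len(chain) > max_hops:
            raise ValueError("redirect loop or chain too long")
        url = redirect_table[url]
        chain.append(url)
    return chain


def embedded_victim_email(url):
    """Phishing kits often pass the target's address in the URL so the fake form
    can pre-fill it. Check the fragment and query values as plain text and as
    base64 (assumed encodings for this example)."""
    parsed = urlparse(url)
    candidates = [parsed.fragment]
    for values in parse_qs(parsed.query).values():
        candidates.extend(values)
    for raw in candidates:
        if EMAIL_RE.fullmatch(raw):
            return raw
        try:
            padded = raw + "=" * (-len(raw) % 4)
            decoded = base64.b64decode(padded, validate=True).decode()
        except (ValueError, UnicodeDecodeError):
            continue
        if EMAIL_RE.fullmatch(decoded):
            return decoded
    return None


def analyze_email(sender, body, redirect_table):
    """Return (indicator, detail) pairs for the signs the article lists: a sender
    domain unrelated to the brand, a link hosted on a redirector, a landing host
    that is not a Microsoft sign-in host, and a pre-filled victim address."""
    findings = []
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    claims_microsoft = re.search(r"\b(microsoft|office\s*365)\b", body, re.I) is not None
    if claims_microsoft and not sender_domain.endswith("microsoft.com"):
        findings.append(("sender-domain-mismatch", sender_domain))
    for url in URL_RE.findall(body):
        if hostname(url) in REDIRECTOR_HOSTS:
            findings.append(("redirector-link", url))
        final = follow_redirects(url, redirect_table)[-1]
        if claims_microsoft and hostname(final) not in MICROSOFT_LOGIN_HOSTS:
            findings.append(("landing-host-not-microsoft", hostname(final)))
        email = embedded_victim_email(final)
        if email:
            findings.append(("prefilled-victim-email", email))
    return findings


# Constructed sample: a lure in the style the article describes, and the hops a
# live fetch of its link might return. None of these hosts or profiles is real.
SAMPLE_SENDER = "notice@mail-service-example.net"
SAMPLE_BODY = (
    "Your Office 365 mailbox will be deleted unless you confirm within 24 hours.\n"
    "Click here to keep your emails: https://www.tiktok.com/@profile-example\n"
)
SAMPLE_REDIRECTS = {
    "https://www.tiktok.com/@profile-example": "https://link.example-shortener.test/abc",
    "https://link.example-shortener.test/abc":
        "https://account-verify.example.test/login?u=dmljdGltQGV4YW1wbGUuY29t",
}

if __name__ == "__main__":
    for indicator, detail in analyze_email(SAMPLE_SENDER, SAMPLE_BODY, SAMPLE_REDIRECTS):
        print(f"{indicator}: {detail}")
```

The script deliberately does not treat the TikTok hop itself as the deciding factor; it is recorded as one indicator, and the verdict rests on the sender domain and on the host at the end of the chain. Against real mail the redirect table would be replaced by an HTTP client that follows Location headers with the same hop limit.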