
TikTok might be the hottest social media platform in the world. Still, it’s spreading more than dance videos and questionable recipes. Hackers have found a way to use the site for their phishing campaigns, hiding malicious links in user bios to steal Microsoft 365 login credentials. The TikTok links exploit user trust in the platform but are fairly easy to spot and avoid.
Hackers Are Using Social Media To Steal Your Information
This recently discovered social media exploit starts like so many others: with an email. Victims receive an email that appears to be from their company’s IT department, asking them to confirm their request to delete their email box.
If the email recipient clicks on the link, they are redirected to TikTok, which is a huge clue that the message isn’t legitimate. The attackers abuse the link in a TikTok user bio: the bio contains a malicious redirect link that takes the victim to a fake Office 365 login page. The link may redirect several times, but the end goal is always the same: tricking users into entering their Microsoft login credentials. By stealing usernames and passwords, hackers gain unauthorized access to secure areas of your network.
Avoiding TikTok Link Hijacks
As phishing campaigns go, this one is particularly amateurish. Most people with basic knowledge of spotting fake emails will delete it immediately. Despite claiming to come from IT, the sender domain in these messages doesn’t match any official company email domain, and there are numerous spelling and grammatical errors.
For those who don’t spot the issues in the email and click the link, being redirected to TikTok should serve as another red flag. The final Microsoft login page also contains multiple errors that should make users wary.
Key Red Flags to Spot:
- Suspicious links redirecting to social media platforms like TikTok
- Unusual sender addresses or email domains
- Poor spelling and grammar in the message
- Requests for urgent action or personal information
- Auto-filled information on fake login pages
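As an added example (not code from the original article), the sketch below checks a message for three of the red flags above that are visible in the email itself: a sender that claims to be IT from a non-company domain, a link to a social media host, and urgent-action wording. The organisation domain, host list, keyword patterns and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions, not from the article: the organisation's mail domain, the
# social-media hosts treated as unexpected, and the keyword patterns.
ORG_DOMAIN = "example.com"
SOCIAL_HOSTS = ("tiktok.com",)
IT_NAME = re.compile(r"\b(it|help ?desk|support)\b", re.I)
URGENCY = re.compile(r"\b(confirm|verify|urgent|immediately|delet\w+)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def host_matches(host, domain):
    """True for the domain itself or a subdomain, not a look-alike suffix."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def red_flags(raw_message):
    """Return the sorted red flags found in one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    part = msg.get_body(preferencelist=("plain", "html"))
    text = str(msg.get("Subject", "")) + "\n" + (part.get_content() if part else "")
    flags = set()
    # Claims to be IT, but the sending domain is not the organisation's.
    if IT_NAME.search(display) and not host_matches(addr.rpartition("@")[2], ORG_DOMAIN):
        flags.add("sender_domain_mismatch")
    # A link in "IT" mail that lands on a social-media profile.
    hosts = [urlparse(u).hostname for u in URL_RE.findall(text)]
    if any(host_matches(h, s) for h in hosts for s in SOCIAL_HOSTS):
        flags.add("social_media_link")
    if URGENCY.search(text):
        flags.add("urgent_request")
    return sorted(flags)

# Constructed sample messages (placeholder addresses and profile name).
PHISH_SAMPLE = (
    "From: IT Department <it-desk@example.net>\n"
    "Subject: Confirm your mailbox deletion request\n\n"
    "We recieved a request to delete your email box. Confirm here:\n"
    "https://www.tiktok.com/@placeholder_profile\n"
)
BENIGN_SAMPLE = (
    "From: IT Help Desk <helpdesk@example.com>\n"
    "Subject: Maintenance window on Saturday\n\n"
    "Mail servers will be patched on Saturday. Details:\n"
    "https://intranet.example.com/maintenance\n"
)
```

Spelling errors and auto-filled fields on the fake login page are not covered here, since they cannot be judged reliably from the message headers and links alone.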
By being cautious of unfamiliar links and email requests, you can protect your business from falling victim to phishing attacks. Always verify the sender and never click on links that seem suspicious. Protect your employees and customers by ensuring that your security measures are up to date.