
Cofense report reveals new phishing scam using TikTok URLs to target Microsoft 365 credentials

A new report out today from phishing defense company Cofense Inc. details a new phishing scam that uses TikTok URLs to redirect users to malicious sites, in particular targeting Microsoft 365 credentials.

Phishing campaigns using social media platforms such as YouTube and Facebook are not new and have a similar theme — deceiving users into clicking on links. Where this campaign becomes interesting is the use of TikTok URLs. They usually appear only in the bios of TikTok profiles that have links to external URLs, but in this case, they are being featured in phishing emails.

The use of TikTok URLs is also notable as they bypass some user suspicion and capitalize on the trust TikTok users have for the platform. The method of exploiting a legitimate site to redirect to a malicious site highlights the evolving nature of phishing campaigns and the need for continuous vigilance online.

The phishing campaign involves a threat actor claiming via email to be an Office 365 alert from the user’s company information technology department, urging the user to follow a URL to cancel a request to delete emails from the inbox. The tactic is designed to frighten the user into acting by implying that their emails will be lost if no action is taken.

The emails also include a colored button that the user is prompted to click to address the issue; the button’s link uses a TikTok domain as the first hop of the redirect chain.

Once users click the link containing the TikTok URL, they’re taken through various redirects before landing on the final phishing page, which somewhat resembles a legitimate Microsoft login page with the company’s logo. For added legitimacy, the final page also auto-fills the users’ email addresses in an attempt to trick them into believing they have been sent to a legitimate login site.

The phishing page also includes a section telling users to follow a link or call a phone number for assistance if they have trouble signing in. Though the phone number is legitimate, the URL redirects back to the phishing page.
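As an added example (not part of the Cofense report or the original article), the following Python script follows a link's redirect chain and scores it against the indicators described above: a social-media first hop that leads off-platform, a long chain, a login-looking page on a host that does not serve Microsoft sign-in, an email address embedded in the URL (one way a page can pre-fill the username), and a "need help signing in" link that loops back to the landing page. The redirect map, every hostname other than tiktok.com, the TikTok path, and the list of legitimate Microsoft login hosts are constructed assumptions; in practice `fake_fetch` would be replaced by an HTTP client that returns the status code and Location header without following redirects itself.

```python
import re
from urllib.parse import urlparse

MAX_HOPS = 10
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# tiktok.com is the platform named in the Cofense report; the check treats it
# as a legitimate site abused as the first hop of a redirect chain.
SOCIAL_REDIRECTOR_HOSTS = {"tiktok.com", "www.tiktok.com"}
# Hosts where a Microsoft 365 sign-in page is expected to live (defender-
# maintained assumption, not taken from the report).
LEGIT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}

# Constructed redirect map standing in for live HTTP responses. The TikTok
# path and every other hostname here are invented placeholders, not real IoCs.
CONSTRUCTED_REDIRECTS = {
    "https://www.tiktok.com/placeholder-redirect?target=https://hop-one.example/go":
        (302, "https://hop-one.example/go"),
    "https://hop-one.example/go": (302, "http://hop-two.example/track"),
    "http://hop-two.example/track":
        (302, "https://portal-login.example/signin#user@victim.example"),
    "https://portal-login.example/signin#user@victim.example": (200, None),
}


def fake_fetch(url):
    """Stand-in for an HTTP client: returns (status, Location header or None)."""
    return CONSTRUCTED_REDIRECTS.get(url, (200, None))


def resolve_chain(start_url, fetch=fake_fetch, max_hops=MAX_HOPS):
    """Follow Location headers from start_url and return the list of hops.

    Stops at the first non-redirect response, on a loop, or after max_hops.
    """
    hops = [start_url]
    url = start_url
    for _ in range(max_hops):
        status, location = fetch(url)
        if not (300 <= status < 400) or not location:
            break
        hops.append(location)
        if location in hops[:-1]:  # redirect loop: record it and stop
            break
        url = location
    return hops


def analyse_chain(hops):
    """Return the list of phishing indicators the resolved chain exhibits."""
    flags = []
    first = urlparse(hops[0])
    last = urlparse(hops[-1])
    # A trusted platform used purely as a springboard to another site.
    if first.hostname in SOCIAL_REDIRECTOR_HOSTS and last.hostname not in SOCIAL_REDIRECTOR_HOSTS:
        flags.append("social-platform-redirector")
    if len(hops) > 3:
        flags.append("long-redirect-chain")
    if any(urlparse(h).scheme == "http" for h in hops):
        flags.append("plaintext-http-hop")
    # A page that looks like a sign-in form but is not on a Microsoft login host.
    looks_like_login = any(k in last.path.lower() for k in ("login", "signin", "sign-in", "auth"))
    if looks_like_login and last.hostname not in LEGIT_LOGIN_HOSTS:
        flags.append("login-page-on-unexpected-host")
    # The report notes the landing page pre-fills the victim's address; an
    # address carried in the query or fragment is one way that is done.
    if EMAIL_RE.search(last.query + " " + last.fragment):
        flags.append("email-address-embedded-in-url")
    return flags


def help_link_is_suspicious(landing_url, help_url):
    """Flag a 'trouble signing in' link that resolves to the landing host itself
    when that host is not a legitimate login host (the loop-back the report describes)."""
    landing = urlparse(landing_url).hostname
    helper = urlparse(help_url).hostname
    return helper == landing and landing not in LEGIT_LOGIN_HOSTS


if __name__ == "__main__":
    start = "https://www.tiktok.com/placeholder-redirect?target=https://hop-one.example/go"
    chain = resolve_chain(start)
    for i, hop in enumerate(chain):
        print(f"hop {i}: {hop}")
    print("indicators:", analyse_chain(chain))
    print("help link loops back:", help_link_is_suspicious(chain[-1], "https://portal-login.example/help"))
```

Each indicator on its own is weak (plenty of legitimate mail carries a redirect or two), so a mail gateway or SOC playbook would combine them into a score rather than block on any single flag; the social-platform first hop combined with a login-looking final page on an unexpected host is the pattern specific to this campaign.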

“This campaign highlights the increasing sophistication of threat actors who exploit social media platforms to deceive recipients,” said Brandon Cook and Brooke McLain from the Cofense Phishing Defense Center. “By exploiting TikTok’s popularity to potentially bypass suspicion and by impersonating a company’s IT department with false urgent messages, attackers exploit both user trust and fear of data loss.”

The report concludes that users must be cautious of where emails originate from and should always stay alert for unfamiliar or unrelated URLs, which are key to safeguarding against evolving threats.

Source: siliconangle.com
