FraudOnTok Targets TikTok Shop
A new scam, FraudOnTok, targets TikTok Shop users. It uses fake websites to trick users. For example, over 15,000 fake domains mimic the platform. These sites aim to steal credentials and crypto.
AI-Driven Deceptive Ads
Attackers use AI-generated videos for scams. These videos mimic real influencers. Consequently, users trust fake ads. The ads promote heavily discounted products.
Fake Domains and Phishing
FraudOnTok creates lookalike the domains of TikTok Shop. The fake domains most use common web extensions. For instance, they host phishing pages. The phishing pages steal user login details.
Malware-Laced Apps
Some domains push fake TikTok Shop apps. These apps carry a harmful malicious software variant. Moreover, the malware steals sensitive data of the user login details. It targets both Android and iOS devices.
Tricking Users with Fake Logins
The fake apps prompt users for credentials details. Login attempts fail on purpose. Therefore, users try alternative login methods for them to login. This lets attackers steal session tokens.
Stealing Crypto and Data
FraudOnTok tricks users into depositing crypto. Fake storefronts promise big discounts. Additionally, attackers steal wallet seed phrases. They use image analysis to find them.
Three Main Scam Tactics
The campaign has three goals. It deceives affiliate sellers with fake products. For example, it asks for crypto payments. It also steals credentials via fake login pages.
Sophisticated Phishing Campaign
Another scam targets online banking users. It uses fake ads to redirect victims. Consequently, attackers steal login details. They even collect two-factor authentication codes.
Targeting Business Accounts
A related scam focuses on business platforms. It uses fake alerts to trick users. For instance, it targets ad accounts. This compromises valuable business assets.
Evolving Cyberthreats
Attackers use advanced evasion tactics. They interact with victims in real time. Moreover, they host scams on trusted platforms. This makes detection harder.
Preventing FraudOnTok Scams
To avoid FraudOnTok, verify website URLs before entering details. Use official app stores for downloads. Additionally, real-time threat monitoring spots fake ads. Cybersecurity training helps users recognize phishing attempts. By staying cautious, users can protect their data and funds.
Sleep well, we got you covered.
