TikTok’s latest headache? It’s the latest platform to be targeted by scammers, attracted by its sharp growth in users.
Cybersecurity firm Tenable has published a blog post outlining a scam involving ‘adult-dating’ services. “These profiles feature stolen videos from sources like Instagram and Snapchat, featuring women dancing, posing in bikinis, working out or just going about their normal day-to-day lives,” wrote Tenable’s senior security response manager Satnam Narang.
“While these accounts could use their TikTok profile biography to promote their adult-themed dating websites, the scammers primarily use these accounts to drive users to a separate Snapchat account, which they promote in their video captions… Based on a sampling of adult dating scam accounts I’ve encountered since March 2019, on average each account would follow 299 users, would be followed by 650 users and receive an average of 1,744 likes across their videos.”
The fact that these accounts could be recommended to people on their ‘For You’ page in TikTok is a headache for the app, but that problem is compounded by the fact that it still has a lot of children using the service. Cracking down on these scam-accounts may be difficult, but it will be very necessary.
In the meantime, music labels running marketing campaigns on TikTok (as on other platforms) should be aware that scam accounts may try to dive in on popular hashtag challenges.
Update: TikTok has provided Music Ally with a response to Tenable’s post. “TikTok has strict policies to safeguard users against fake, fraudulent or misleading content. We flag and remove most spam accounts before they can reach users’ feeds, and we continuously improve our protections, even as malicious actors work to evade our safeguards,” said a spokesperson.
“TikTok had already removed all of the accounts identified as spam before this blog was published. As part of our regular process, we constantly review the tactics of malicious accounts to further strengthen our systems.”
The spokesperson added that TikTok’s community guidelines include a specific section on ‘Impersonation, spam, scams, or other misleading content’ outlining its policy on these kinds of accounts. The relevant sentence: “DO NOT post any content, or conduct any activity, that harms members of our community. This includes defrauding users, phishing schemes, and deceptive practices.”