Windows 10 21H2 is released, here are the new features
New Rowhammer technique bypasses existing DDR4 memory defenses
WordPress sites are being hacked in fake ransomware attacks
Emotet malware is back and rebuilding its botnet via TrickBot
Most SS7 exploit service providers on dark web are scammers
Russian ransomware gangs start collaborating with Chinese hackers
TikTok phishing threatens to delete influencers’ accounts
Victims of $2 billion BitConnect fraud to get back $57 million
Qualys BrowserCheck
STOPDecrypter
AuroraDecrypter
FilesLockerDecrypter
AdwCleaner
ComboFix
RKill
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Toksearches.xyz Search Redirect
Remove the Smashapps.net Search Redirect
Remove the Smashappsearch.com Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
eLearning
IT Certification Courses
Gear + Gadgets
Security
TikTok phishing threatens to delete influencers’ accounts
Researchers have observed a new phishing campaign primarily targeting high-profile TikTok accounts belonging to influencers, brand consultants, production studios, and influencers’ managers.
Abnormal Security researchers who spotted the attacks, observed two activity peaks while observing the distribution of emails in this particular campaign, on October 2, 2021, and on November 1, 2021, so a new round will likely start in a couple of weeks.
In some cases seen by Abnormal Security, the actors impersonate TikTok employees, threatening the recipient with imminent account deletion due to an alleged violation of the platform’s terms.
Another theme used in the emails is offering a ‘Verified’ badge that adds credibility and authenticity to the account.
TikTok ‘Verified’ badges give weight to the content posted by verified accounts and signal the platform’s algorithms to ramp up the exposure rates of posts from these accounts.
Using this bait for phishing is very effective as many people would be thrilled to receive an email offering them the chance to get a verification badge.
In both cases, the attackers provide their targets with a way to verify their accounts by clicking an embedded link.
However, they are instead redirected to a WhatsApp chat room where they’re welcomed by a scammer pretending to be a TikTok employee awaits.
The scammer asks for their email address, phone number, and one-time code required to bypass multi-factor authentication and reset the account’s password.
It is unclear what the phishing actors aim for in this campaign, but it could be either an attempt to take over the targets’ accounts or to extort the account owners and force them to pay a ransom for giving them back control.
TikTok’s terms of service make it clear that if an account, especially one with many followers, violates its services, it will be permanently suspended or terminated.
This means that the actors can easily threaten to post something inappropriate, resulting in the deletion of a profile that its owner may have spent a lot of time and money to bring to its current form.
If you own and/or manage valuable social media accounts, make sure to backup all your content and data somewhere safe.
Also, you should always secure your account with two-factor authentication (2FA) or 2-step verification, as TikTok calls it, ideally with a hardware security key.
If you can only use the less secure SMS-based 2FA option, pick up a private number you’ve shared with nobody and use it only for this purpose.
Crypto investors lose $500,000 to Google Ads pushing fake wallets
Beware: Free Discord Nitro phishing targets Steam gamers
Intuit warns QuickBooks customers of ongoing phishing attacks
New “Elon Musk Club” crypto giveaway scam promoted via email
Most SS7 exploit service providers on dark web are scammers
Not a member yet? Register Now
New Microsoft emergency updates fix Windows Server auth issues
High severity BIOS flaws affect numerous Intel processors
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.

source

You May Also Like

Telnyx is the latest VoIP provider hit with DDoS attacks

HPE says hackers breached Aruba Central using stolen access keyFBI warns of…

Emotet malware is back and rebuilding its botnet via TrickBot

New Microsoft emergency updates fix Windows Server auth issues7 million Robinhood user…

Fake TSA PreCheck sites scam US travelers with fake renewals

US regulators order banks to report cyberattacks within 36 hoursHackers deploy Linux…

Microsoft Exchange servers hacked to deploy BlackByte ransomware

Former Ubiquiti dev charged for trying to extort his employerNew malware hides…