Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

TikTok Phishing Threatens to Delete Influencers’ Accounts

TikTok Phishing Threatens to Delete Influencers’ Accounts

Researchers have observed a new phishing campaign primarily targeting high-profile TikTok accounts belonging to influencers, brand consultants, production studios, and influencers’ managers.

Abnormal Security researchers who spotted the attacks, observed two activity peaks while observing the distribution of emails in this particular campaign, on October 2, 2021, and on November 1, 2021, so a new round will likely start in a couple of weeks.

You’ve got mail!

In some cases seen by Abnormal Security, the actors impersonate TikTok employees, threatening the recipient with imminent account deletion due to an alleged violation of the platform’s terms.

Also Read: 6 Types Of Document Shredder Machine Singapore Services

Phishing message alerting the recpient of a violation
Phishing message alerting the recipient of a violation
Source: Abnormal Security

Another theme used in the emails is offering a ‘Verified’ badge that adds credibility and authenticity to the account.

TikTok ‘Verified’ badges give weight to the content posted by verified accounts and signal the platform’s algorithms to ramp up the exposure rates of posts from these accounts.

Using this bait for phishing is very effective as many people would be thrilled to receive an email offering them the chance to get a verification badge.

Also Read: 10 Principles On How To Build A Good Governance Model

Email offering a verification badge to the user
Email offering a verification badge to the user
Source: Abnormal Security

In both cases, the attackers provide their targets with a way to verify their accounts by clicking an embedded link.

However, they are instead redirected to a WhatsApp chat room where they’re welcomed by a scammer pretending to be a TikTok employee awaits.

The scammer asks for their email address, phone number, and one-time code required to bypass multi-factor authentication and reset the account’s password.

Scammer discussing with the victim on WhatsApp
Scammer discussing with the victim on WhatsApp
Source: Abnormal Security

Account takeover or extortion?

It is unclear what the phishing actors aim for in this campaign, but it could be either an attempt to take over the targets’ accounts or to extort the account owners and force them to pay a ransom for giving them back control.

TikTok’s terms of service make it clear that if an account, especially one with many followers, violates its services, it will be permanently suspended or terminated.

This means that the actors can easily threaten to post something inappropriate, resulting in the deletion of a profile that its owner may have spent a lot of time and money to bring to its current form.

If you own and/or manage valuable social media accounts, make sure to backup all your content and data somewhere safe.

Also, you should always secure your account with two-factor authentication (2FA) or 2-step verification, as TikTok calls it, ideally with a hardware security key.

If you can only use the less secure SMS-based 2FA option, pick up a private number you’ve shared with nobody and use it only for this purpose.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us