- Carey van Vlaanderen, Managing Director of ESET South Africa shares some tips and insights on what to avoid to stay safe.
Launched in 2016, TikTok currently has 6.44 million active users in South Africa over the age of 18, which is no small feat compared to Facebook which has been running since 2006 with 24.20 million users in the country. With such a wide reach, fraudsters are never far behind. Cybercriminals are exceptionally creative with their tactics and always follow trends closely, often predicting changes ahead of the masses to increase the likelihood of their scam being successful. However, scams aren’t the only dangers lurking around the popular video sharing app, and users would do well to know how to stay safe while enjoying themselves. Given that it’s so easy to lose track of time when scrolling through the app, it’s not hard for scammers to catch people off guard, which can lead to them losing money, their account, or even their reputation.
Top TikTok scams to be aware of and avoid
1. Don’t be fooled by get-rich-quick and crypto scams
Is Elon Musk really going to give random strangers online a million dollars? Is a global brand really going to give away a luxury vehicle just to follow a new account? Unlikely. If it sounds too good to be true, it usually is. Fraudsters are known to lure people into their web of deception with offers of large rewards for little effort. Cryptocurrencies have skyrocketed (and bottomed out) recently, so they remain a favorite target for scammers trying to separate unsuspecting people from their money. Contests and giveaways must be carefully scrutinized. Even if they’re not out to scam you out of money, your personal information can be just as useful to a fraudster looking to commit identity theft.
2. Don’t click on these TikTok phishing messages
A TikTok scam email or text is a message that goes out randomly, like a typical phishing message, but with the intention of landing in a TikToker’s inbox. Such a message may claim to offer a verified brand, more followers or even a brand sponsorship. When the target clicks on the link in the message, they will be redirected to a website that asks for TikTok login information. If the user doesn’t have two-factor authentication (2FA) enabled (which TikTok accounts don’t have by default), the hackers can take full control of the account and completely lock out the owner using their login details.
3. Do not engage with bot accounts
Despite their best efforts, TikTok is still rife with bot accounts that cleverly interact with users in a way that makes the targeted users think they are chatting with a real person. These bots may eventually ask victims for sensitive information or even suggest that victims be redirected to a website that is actually a scam website that tries to phish information from them or install malware on their phones.
4. Don’t get caught by TikTok scams
Fake accounts on TikTok often promote apps available for download. The problem is that these apps are also actually fake. Some accounts will claim that specific paid apps can be downloaded for free from certain third-party app stores. But in an attempt to steal your information, these apps will actually install malware or adware on your device. Avoid downloading other apps that don’t come from an official app store.
5. Don’t fall for fake celebrities
Some accounts attempt to impersonate real celebrities. They usually do this by duplicating the content of a celebrity’s account. This tactic is used to gain as many followers as possible. Before the scammer is caught and reported, they can use this account to promote further scams, such as cryptocurrency investment scams. Alternatively, scammers can use this account to gather as many followers as quickly as possible and then switch to a personal account, allowing them to leverage their now high follower count by monetizing or promoting other scams.
Stay safe on TikTok
While it’s challenging to hack into someone’s TikTok without being near the target’s phone and performing a spot of shoulder surfing, it’s a good reminder to make sure 2FA is turned on. This makes it more difficult for cybercriminals as they may be able to see the reset code sent to your mobile number (using spyware), but it is unlikely that they will also have access to your other authentication medium (email).
Other important safety tips
- Never share your login details with anyone: Like other platforms, TikTok will never contact you to ask for account details, passwords, one-time passwords or other verification methods.
- Make your account private: This means that the content you post on your account is not visible to anyone you don’t know.
- Allow only friends to send messages: Do not accept messages from strangers. If you only accept messages from friends, you don’t have to worry about the intent behind their message.
- Don’t suggest your account to others: Turning off “Suggest your account to others” prevents your account from attracting random users you don’t know. It will also stop your TikTok account from appearing in search engine results.
- Don’t let people download your videos: It is a feature that allows other users to download the videos you share on your channel. Turning this off ensures that no one uses your content, image or identity in a way you don’t want it to be used.
- Limit Comments: Cyberbullying is a huge safety concern these days, and it can happen to anyone. By disabling comments, you can ensure that no one uses your platform to say unkind or hurtful things to you or anyone else.
Finally, if you ever see videos on TikTok that you believe may be spam or phishing attempts, or you see malicious content, report it to TikTok immediately and avoid the associated links or accounts.
For PR information, contact GinjaNinja:
For more than 30 years, ESET® has developed industry-leading IT security software and services to protect businesses, critical infrastructure and consumers worldwide from increasingly sophisticated digital threats. From endpoint and mobile security to endpoint detection and response, encryption and multi-factor authentication, ESET’s high-performance, easy-to-use solutions protect and monitor discreetly 24/7, updating defenses in real-time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company that enables the secure use of technology. This is supported by ESET’s R&D centers worldwide, working to support our shared future. For more information, visit www.eset.com/za or follow us on LinkedIn, Facebook and Instagram.