This TikTok trend is helping cybercriminals steal huge amounts of money


Cybercriminals have seemingly adopted a TikTok prank, given it a little twist, and are now actively using it to steal money from victims.

For some time now, TikTokers have been sharing a prank in which they would call one of their friends using an automated answering machine, whose voice is generated with an online translator.

They would then tell that friend that they’re a representative of a major retail brand, and ask them to confirm a large purchase (which, obviously, never happened). Once the person being pranked tries to “cancel” the order, the answering machine would instead confirm it, as if it misheard. At that moment, whatever the pranked person would say, the machine would answer as if to confirm the purchase.

Adopting a prank

On TikTok this is nothing but a harmless prank, but elsewhere cybercriminals are actually scamming people out of their money, according to Kaspersky. The process is simple: they send the victim an email saying they made a large purchase (usually more than $2,000) that needs confirming or canceling.

The email would also share a phone number which the victim can call, to “confirm” their identity and cancel the order. Those gullible enough to ring “customer support” up usually end up sharing sensitive payment data with the attackers and, consequently, having their accounts cleared. 

During the phone call, the attackers would also try to intimidate the victims, creating a false sense of urgency and pressuring them until they yield. 

Kaspersky said it spotted roughly 350,000 of these emails in the three months leading up to July, with 100,000 of them in June alone.

Cybercriminals have lately been turning to phone lines as an attack vector more often, mostly because email protection services are doing a good job of filtering emails carrying phishing links and attachments carrying viruses or ransomware.
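A mail-triage heuristic for the email pattern described above, as an added example that is not from the article or from Kaspersky. Only the over-$2,000 figure and the call-to-cancel pattern come from the article; the regexes, the US-style phone format, the keyword lists and the sample messages are constructed assumptions.

```python
import re

# Assumed threshold, taken from the article's "usually more than $2,000".
AMOUNT_THRESHOLD = 2000.0
AMOUNT_RE = re.compile(r"\$\s?(\d{1,3}(?:,\d{3})+|\d+)(?:\.(\d{2}))?")
# Assumed US-style numbers only; other formats need their own pattern.
PHONE_RE = re.compile(
    r"(?<!\d)(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}(?!\d)")
URL_RE = re.compile(r"https?://|www\.", re.I)
ACTION_RE = re.compile(r"\b(?:cancel|confirm|dispute|refund)\w*", re.I)
CALL_RE = re.compile(r"\b(?:call|phone|dial|ring)\b", re.I)

def max_amount(text):
    """Largest dollar amount mentioned in the text, or 0.0 if none."""
    amounts = [float(m.group(1).replace(",", "") + "." + (m.group(2) or "0"))
               for m in AMOUNT_RE.finditer(text)]
    return max(amounts, default=0.0)

def callback_phish_signals(subject, body, has_attachment=False):
    """Evaluate each trait of the callback scam email separately."""
    text = f"{subject}\n{body}"
    return {
        "large_purchase": max_amount(text) > AMOUNT_THRESHOLD,
        "phone_number": bool(PHONE_RE.search(body)),
        "call_to_cancel": bool(ACTION_RE.search(text) and CALL_RE.search(text)),
        # No link or attachment means link/attachment scanning has nothing to
        # inspect, which is why these messages reach the inbox.
        "no_link_or_attachment": not URL_RE.search(text) and not has_attachment,
    }

def is_suspected_callback_phish(subject, body, has_attachment=False):
    """Route for human review only when every signal is present."""
    return all(callback_phish_signals(subject, body, has_attachment).values())

# Constructed sample messages (subject, body); not real traffic.
SAMPLES = [
    ("Order confirmation #A-48213",
     "Your purchase of $2,349.99 has been approved. If you did not place "
     "this order, call our support team at +1 (555) 010-0199 to cancel."),
    ("Your order has shipped",
     "Your order total was $2,499.00. Track or cancel it at "
     "https://shop.example/orders. Questions? Call 555-010-0142."),
    ("Receipt", "Thanks for your purchase of $18.50. To cancel, call 555-010-0117."),
]

if __name__ == "__main__":
    for subject, body in SAMPLES:
        print(subject, "->", is_suspected_callback_phish(subject, body))
```

A match is a reason to hold the message for review or add a warning banner, not proof of fraud, since a legitimate plain-text receipt can show the same traits.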

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.