Popular TikTok video editor CapCut used to trick victims in phishing scam
No, you didn't just pay for the premium subscription

- Phishing emails "notify" victims of an active $50 subscription
- Victims can "cancel" the subscription by clicking on a link in the email body
- The link leads to a fake login page where Apple ID credentials are harvested
Cybercriminals are impersonating a popular video editing app to steal people’s Apple ID logins, security researchers are warning.
Earlier this week, the security outfit Cofense warned about spotting a new phishing campaign. In it, the attackers would spoof CapCut, a video and graphic editing app developed by ByteDance, the company behind TikTok.
CapCut is immensely popular, boasting hundreds of millions of active users. It offers both a free tier and a paid tier, and it is the paid tier that the attackers are now abusing.
Stealing credentials
The spoofed email imitates CapCut’s branding to boost legitimacy, and “notifies” the victim that they just subscribed to the paid version, costing $50.
Further down, the email offers the victim the option to “cancel subscription” if it was made by mistake.
With many mobile apps charging for their services by default, it’s not completely irrational to trust the email, and rush to cancel the subscription.
However, clicking on the link redirects the victim to a fake Apple login page, where they are asked to provide their Apple ID credentials.
These credentials are then relayed to the attackers, who can use them to access people’s images, messages, and other sensitive data. They can also use them to make purchases, causing direct financial harm as well.
The best way to defend against these attacks, Cofense says, is to be skeptical of all incoming emails, especially those that require people to urgently do something:
“This phishing campaign highlights how easily trust can be manipulated through familiar branding and urgency. By imitating CapCut’s/Apple’s identity and dangling the threat of unwanted charges, attackers guide victims through a seamless two-stage credential theft process,” the researchers explain.
“The use of a fake verification step at the end is a subtle yet strategic move to delay suspicion and extend the attack window. As always, skepticism is a critical defense—check URLs carefully, question unexpected prompts for sensitive information, and report suspicious messages.”
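As an added illustration of the “check URLs carefully” advice (this is not code from Cofense or from the article), the Python below pulls every link out of an HTML email, compares each link’s host with the domains of the brands the message names, and reports when an off-brand link appears alongside the kind of billing-urgency wording this campaign relies on. The brand-to-domain map and the sample message are assumptions constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brands the email may invoke, mapped to the domains those brands are expected to
# link to. The domain lists are an assumption for illustration, not Cofense data.
EXPECTED_DOMAINS = {"capcut": ("capcut.com",), "apple": ("apple.com", "icloud.com")}
# Wording the campaign leans on: a surprise charge plus a "cancel" escape hatch.
URGENCY_CUES = ("cancel subscription", "subscribed", "$50", "charged")

class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def analyse_email(html):
    """Return findings for an email body; an empty list means nothing stood out."""
    parser = LinkExtractor()
    parser.feed(html)
    text = re.sub(r"<[^>]+>", " ", html).lower()
    # Domains a link would legitimately go to, given the brands the text names.
    allowed = [d for b, ds in EXPECTED_DOMAINS.items() if b in text for d in ds]
    findings = []
    for href, label in parser.links:
        host = (urlparse(href).hostname or "").lower()
        if allowed and not any(host == d or host.endswith("." + d) for d in allowed):
            findings.append(f"link '{label}' points to {host or href}, not a brand domain")
    cues = [c for c in URGENCY_CUES if c in text]
    if findings and cues:
        findings.append("billing urgency wording present: " + ", ".join(cues))
    return findings

# Constructed sample modelled on the email described above (not a real message).
SAMPLE_EMAIL = """<p>CapCut: your Pro subscription ($50/year) is now active.</p>
<p>Not you? <a href="https://appleid-verify.example/login">Cancel subscription</a> within 24h.</p>"""
```

Running `analyse_email(SAMPLE_EMAIL)` returns two findings: the “Cancel subscription” link pointing at a host that is neither CapCut’s nor Apple’s, and the presence of the “$50” and “cancel subscription” cues.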
Via Cybernews
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.