The economic engine on social media platforms are the followers (or fans) and likes. Scammers take advantage of this economy, while others seek out ways to grow their following inorganically by impersonating popular creators and celebrities.
In part one of our two-part series on TikTok scams, we explored the tactics involved in getting users to sign up for adult dating sites and paying for phony premium Snapchat accounts. Here, in part two, we look at the ways scammers are impersonating popular TikTok accounts in order to obtain a genuine following without having to create original content. In addition, we explore the tried-and-true method of offering users free followers and likes for their own legitimate accounts, using them as pawns to earn money.
“Who are you? I am you. I am me. No sir, you are you.”
Another trend I’ve observed on TikTok is the presence of impersonation accounts. Impersonation on social media isn’t new by any means. We recently documented how scammers tried to outscam each other by impersonating an account called Sudan Meal Project claiming to donate meals to Sudanese civilians. In some of my earlier research, I uncovered a series of Instagram accounts impersonating lottery winners.
On TikTok, while the vehicle might be different, the destination is the same — impersonation for the sake of gaining followers before pivoting to a personal account.
Salice Rose, a popular creator of Vine, YouTube and TikTok videos, is one of many users who has been impersonated on TikTok.
In the image above, the original video from Salice Rose is on the left side of the panel. On the right side, an impersonator downloaded Salice’s video and reuploaded the same video, copying the video caption and adding in some hashtags. In this case, the impersonator’s video surfaced in the “For You” section of the TikTok app.
To trick users, the impersonation account uses non-standard characters in its username because “officialsalicerose” is already taken. In this case, the impersonator is using an “s” with an accent above it (ś) and an “e” with a macron above it (ē) at the end of the username.
Despite the real Salice Rose having a verified “popular creator” badge on her own profile, the impersonator still managed to gain over 7,000 followers on their account right off the bat. This is likely a byproduct of the impersonator’s videos appearing in the “For You” section for other TikTok users. This is the first Salice Rose impersonator I encountered.
However, not everyone who encounters these impersonation accounts falls for them. There were examples of TikTok users who commented on videos on the impersonator’s profile, one of whom said “stop trying to upload video that not yours thus [sic] is NOT your account” with another saying “You are just hurting people’s feelings.” These prompted responses from the impersonator to dismiss the criticism and call out those who are “hating” on them.
Impersonator Promoting Another Impersonator
In one of the impersonator’s videos, the video caption was changed to ask users to follow a separate Salice Rose impersonation account, likely one of their friends who followed the same blueprint.
Unlike the first Salice Rose impersonator, this second impersonator started posting videos of themselves as well as modifying the profile image and biography. The impersonator took these steps after managing to gain over 52,000 followers and over 83,000 likes. Similar to the first Salice Rose impersonator, this account’s username also uses non-standard characters.
Impersonators Tease a Face “Reveal”
The impersonator uses their impersonation account to their advantage by teasing that they might reveal their true identity to their followers.
Eventually, they post a video revealing their true identity, often encouraging followers to follow their live stream “to see more.”
The first Salice Rose impersonator went from over 7,000 followers to over 31,000 followers before revealing their true identity.
Pivoting Away From An Impersonation Account
The process of pivoting from an impersonation account to a personal account is normally very simple. Remove all traces of the videos that were stolen and used to gain followers, change the profile bio and change the profile image. However, TikTok presents one challenge to a clean account pivot: a username on TikTok can only be changed once every 30 days. As a result, many of these impersonation accounts might start the process of pivoting, but their usernames remain intact until the 30 days are up.
Other Impersonation Styles
Not all impersonators follow the same approach as observed in the Salice Rose case. There are a few other impersonation styles that can be classified as follows.
On the surface, a fan page is harmless. People are fans of artists and content creators, so it would make sense for these accounts to exist. But they’re also a really convenient way to gain followers.
Fans of Loren Gray, who is one of the most popular TikTok users with over 32 million followers, will often create fan pages in her name to show their enthusiasm. Among these, however, we find examples like the one pictured above. This fan page managed to gain over 361,000 followers. But did they always have the phrase “fanpage” in their profile bio? It’s possible they didn’t and that’s how they gained so many followers. If the person operating the fan page wanted to, they could easily pivot to a personal account. They may not, but it’s certainly an easy way to gain followers quickly.
Above is another example of a “big fan” account in Loren Gray’s name and image. However, this big fan wasn’t always a “big fan” as seen in the comments section.
A commenter called out the Loren Gray page for claiming to be Loren Gray’s “second account” which is another phenomenon in the world of impersonation.
“Second” or “Backup” Accounts
Besides outright impersonation of an account, the concept of a “secondary” or “backup” account is not an unusual precedent, but it’s also a convenient method for users to take advantage of TikTok users.
Baby Ariel, another popular TikTok creator, has an impersonator claiming to be a “backup account.” The imposter account not only gained over 82,000 followers, but, most surprisingly, attained over 2.4 million likes on the stolen videos and images. This so-called “backup account” may never pivot away to a personal account, but it’s been used to promote other accounts on other social networks like Instagram.
Impersonation is Global
While the impersonators featured here are all primarily U.S.-based, impersonation itself is a global issue. For instance, Neha Kakkar — a popular playback singer in Bollywood with nearly 10 million TikTok followers — is also the subject of impersonations on the platform.
In the image above, the official Neha Kakkar account has the “verified account” badge. Even though the impersonation accounts lack the verified account badge, they’ve still managed to rack up hundreds of thousands of followers and likes, leading some followers of the impersonation account to wonder which account is the real one.
Even Bollywood celebrities who don’t have a TikTok account are being impersonated. For instance, Salman Khan, one of the biggest Bollywood movie stars in the world, has impersonator accounts on TikTok.
This particular impersonator references another profile, potentially their own, in an effort to gain more followers who are fans of Salman Khan.
Based on their comments on these videos, users appear to believe it’s really Salman Khan when it’s not.
Verified Impersonation Account
As mentioned before, impersonation accounts claiming to be a “second” or “backup” account are another way for scammers to impersonate popular TikTok users. The most fascinating example of this involves Liza Koshy, another Vine, YouTube and TikTok creator with over 14 million followers on TikTok.
When looking for Liza Koshy on TikTok, users will come across two verified accounts. The first, which features a “popular creator” badge, is the real Liza Koshy account. The second, featuring the “verified account” badge, is an impersonator.
The real Liza Koshy posted a video on her profile of a skit. That same video was captured and reuploaded by the “backup” account to their impersonation account. The difference between the videos isn’t just the video quality (slightly degraded when downloaded), it’s also the video caption, which reveals their true intentions. The impersonator promotes another TikTok account, saying “go follow and spam @[username] for a BFF and shoutout.”
The account that’s recommended by the impersonator calls itself a “tunes” account, which makes sped-up or slowed-down audio tracks for other users on TikTok to use as sounds in their videos. This “tunes” account has nearly 6,000 followers and over 19,000 likes.
Another video on the Liza Koshy impersonator account asks followers to follow a different user to “get her to 500 followers and tap her bell.”
In this case, the username is not clickable, indicating the account was either removed from TikTok or they pivoted away to some other name after gaining followers from the Liza Koshy impersonation account. It is unclear whether the person operating the impersonation account is also the one promoting these accounts.
How did a Liza Koshy impersonation account manage to get verified status? That’s a question for TikTok, but the fact that it occurred is a concern.
Impersonation accounts aren’t going anywhere. They’re a commodity for scammers. As long as social media platforms exist, there will be impersonators trying to scam their way into more followers and likes or scamming their users out of money.
As mentioned previously, I’ve discovered lottery winner impersonators before on other social networks. Unsurprisingly, lottery impersonators have already been spotted on TikTok, in what would appear to be a testing phase. The account above is impersonating Mavis Wanczyk, a 2017 Powerball winner of over $750 million dollars, who has already been the subject of scams since winning the Powerball.
Free Followers and Likes on TikTok Accounts
While impersonation accounts and adult dating scams have been around for years, one of the oldest tricks in a scammer’s playbook is offering free followers and likes.
On TikTok, scammers create accounts to follow users or comment on videos to draw their attention to their profiles. Their profiles typically contain no content, but they may include references to sites where users can go to get free followers or likes in their profile bios. For instance, TikTokFans asks users to “Google” for the website. TikTokLift uses a space between each character in their bio, perhaps as a way to prevent the accounts from being detected. Taking it one step further, the GetFans Club references the website within their profile photo.
The practice of promoting free followers and likes isn’t new to TikTok. Even before TikTok’s merger with Musical.ly increased its popularity, these scammers were already on Musical.ly and appear to have been successful at attracting users seeking their services.
Free Followers in India
India is one region in which we particularly notice scammers engaging in activity promoting free followers and likes. According to another CNN Business article, TikTok has over 200 million users in India. Therefore, it’s no surprise that these types of scams are targeting TikTok users in India.
The “Tik Tok Followers” account seen in the image above offers payment through Paytm, an e-commerce and digital wallet service in India. In addition to the offer of TikTok followers, likes and views, the scammer also sells Instagram followers, Facebook Page likes and followers, and YouTube subscribers, likes and views.
A different “TikTok Followers” account advertises pricing in a video. The scammer asks for 150 rupees for 1,000 TikTok followers and offers up to 10,000 TikTok followers for 1,400 rupees. In both of these cases, the users are instructed to send a direct message either on TikTok or through Instagram as a way to communicate in a private channel to discuss facilitating the transaction.
Free TikTok Likes and Followers Sites
TikTok users are directed to external websites in order to get their “free” followers and likes on TikTok. These websites usually ask for basic information on the user, such as their username, and how many followers or likes they want. Some are more advanced compared to others.
For instance, one of the sites will take the username provided and retrieve the profile photo as well as thumbnails of the videos posted to the account.
While they operate differently in some ways, all of these websites have one thing in common: they ask you to download an application.
One website claims the “final step” is to stop “automated bots.” Another says verification is required because of the “high amount of users.” Another just asks the user to download the application without reasoning.
The so-called “final step” leads users to a different website, known as a “content locker,” which provides instructions on how to “verify” they are a human being in order to receive the requested followers. The applications themselves are legitimate applications from the Apple App Store and Google Play Store. They may vary from time to time, but they’ve included food delivery apps like Postmates, internet radio apps like iHeartRadio, games like Solitaire and Virtual Private Network (VPN) apps like Norton Secure VPN. The instructions tell the user to run the application for a minimum of 30 seconds in order to “unlock this content.” Others ask the user to perform an action; for example, with Solitaire, the user needs to win three games in order to unlock the “desired content.”
Clicking through one of these applications will lead to a redirect to a disclaimer page, warning the user that the application may offer a subscription, may charge for in-app content and may also have its own terms and conditions. This is likely a way for the scammers to absolve themselves of responsibility for directing users to download potentially premium applications.
If the user proceeds to the app store, they’ll be redirected via a link from appsflyer.com, which is part of a cost-per-install (CPI) affiliate program. Based on the URL that users are directed to from the disclaimer site, the CPI offer appears to be $0.60 per install. Compared to the CPA offer of $1 to $3 per qualified lead for adult dating websites, it’s no wonder scammers prefer adult dating-themed scams versus the free followers and like scams.
One of the free followers and likes websites includes a YouTube video walking users through this process. The video shows a user downloading apps and using them for 30 seconds, after which their “test account” receives the requested followers. Watching the video, it’s clear these so-called “followers” are fake, just based on usernames and profile images. For instance, in the image above, there are two users with the same profile image. So, while the scammers “deliver” on their promise, not all of them do and, even with fake followers, there’s always the risk TikTok will remove them.
Growing Platforms Become Havens for Scammers
Over the years, scammers have gravitated towards growing platforms like Facebook, Twitter, Instagram, Vine, Tinder, Kik and Snapchat. TikTok is the latest platform to experience such growth, so it makes sense that scammers would look for ways to take advantage of the one billion monthly active users (MAUs) of the service and it will remain that way for the foreseeable future.
It is critically important for users of TikTok to do their part and report these accounts when they see them. In the app, this can be done by clicking on the three dots at the top right, selecting the “Report” option and choosing the most appropriate reason for the report (impersonation, inappropriate content).
When the next hyper-growth platform appears, scammers won’t be far behind. The tactics might change to suit the platform, but at its core, the scams will be the same.
- See more from this author here
- Learn more about Tenable Research here
- Read additional blogs about social media scams: Projeto Sudan Meal: Social Media Is Used to Amass Nearly 900,000 followers on Instagram and Instagram Porn Bots Evolve Methods for Adult Dating Spam