Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Blog da Tenable

Inscrever-se

TikTok LIVE Scams: Stolen Live Footage Used to Earn TikTok Gifts, Promote Scams to Make Money

TikTok LIVE Scams: Stolen Live Footage Used to Earn TikTok Gifts, Promote Scams to Make Money

Stolen video footage of celebrities, content creators and others is being used by scammers in TikTok LIVE streams to earn TikTok gifts, peddle questionable products and drive users to adult dating websites.

Contexto

Since April 2021, I’ve been following highly motivated scammers who have been exploiting the sympathy of TikTok users and using stolen video content to amass enough followers to go LIVE on TikTok. The video content is being stolen from well known celebrities like Dwayne “The Rock” Johnson, content creators like Charli D’Amelio (below), and countless others to fleece TikTok users and the platform itself by abusing TikTok’s LIVE functionality.

The scammers exploit stolen footage from these celebrities and content creators using the stolen clips on their own TikTok LIVE streams to make money through three types of plays:

  • TikTok LIVE Gifts - digital gifts given to creators by fans that can be redeemed for cash
  • Promotion of questionable products - often sold at steep markup through dropshipping services
  • Affiliate links to adult dating websites - scammers earn money for each referral

Below, I’ll detail how each of these tactics is used by scammers to leverage TikTok’s platform to gain incremental revenue. While these scams are hardly “get rich quick” schemes, they can amount to a steady stream of revenue for scammers through different methods, and in the case of LIVE gifts, a way to bleed TikTok users of pennies at a time while staying under the radar of site moderators. Before I do that, though, let’s review the basic TikTok features these scams are designed to exploit.


Fonte: Tenable, October 2021

Two years ago, I published research highlighting how growing platforms like TikTok can become havens for scammers, and how the rise of impersonation accounts on the platform were being fueled by the social currency of likes and followers. Since then, TikTok has reached a milestone of 1 billion monthly active users and has overtaken YouTube for average watch time per user in the United States and the United Kingdom. So, it’s no surprise that scam activity is on the rise in new and creative ways.

TikTok’s For You page remains the holy grail for scammers

Last year, I highlighted how the algorithm that powers Tik Tok’s For You page became a linchpin for advertising scams on the platform, where scammers paid for placement on TikTok’s For You page. Now, scammers are finding their way to the coveted For You page by abusing TikTok’s LIVE functionality, a feature designated for those TikTok who have amassed a minimum of 1,000 followers.

As with other social platforms, such as Instagram, when a popular creator goes live, users that are eager to engage directly with them tune in. Scammers take this live engagement to the next level by using stolen video footage from sources like Instagram, and using fake accounts to end up on the For You page, as I detail in the next section.

Impersonation: Celebrities, noteworthy content creators and others


Fonte: Tenable, October 2021

Scammers have been going live on fake TikTok accounts, leveraging stolen, likely screen recorded video footage obtained from Instagram Live or other sources of celebrities such as Dwayne “The Rock” Johnson, Avril Lavigne and Chris Pratt, as well as popular TikTok creators like Charli D’Amelio, who has the largest following on TikTok, and Bella Poarch, who has the most popular video on TikTok.


Fonte: Tenable, October 2021

Celebrities aren’t the only targets for impersonators. Scammers have also been using a miscellany of stolen live footage from other creators who draw a significant audience like Jeremiah Warlick (Rubber Band Man), Michael Jackson impersonators as well as other attention-grabbing types of content, such as unidentified girls crying, autonomous sensory meridian response (ASMR)-related content, caricature artists drawing people, footage of scrap metal machines being fed a variety of parts and high-speed chases with unrelated audio.


Fonte: Tenable, October 2021

Scammers exploit sympathy, use stolen videos to game the system

As mentioned earlier, a TikTok account is only capable of going LIVE once it has reached the 1,000 follower requirement. While there are 1 billion monthly active users on the platform, it takes time for legitimate content creators to gain such a following. In studying their behavior, I discovered how scammers are relying on two methods of gaming the system in order to gain enough followers to go LIVE: Exploiting the sympathy of TikTok users and using stolen video content from other creators.

Generally, when users encounter one of these TikTok LIVE scams on their For You page, the fake accounts have been wiped clean of any content in an effort to mask how they gained their following, which can be seen in the first panel in the image below. However, I’ve found accounts that failed to remove video content, as in the second panel in the image below, which provided me insight into how a sympathy play is used to gain followers.


Fonte: Tenable, October 2021

Many of these fake accounts use video footage of animals, such as dogs or cats that appear to have been abused or disabled. The scammers overlay the footage of these animals with text like:

  • “Will you kill me gor (sic) $5?”
  • “How much do you love me”
  • “Scroll if you hate disabled cats”
  • “Scroll if u (sic) think I’m scary”


Fonte: Tenable, October 2021

The text is meant to challenge the user to engage with the content rather than scrolling past it. It asks the user to “like, follow and chare (sic)” the video. In some of the videos, the scammers use text overlay to assign arbitrary values to the follow, like, comment and share buttons and ask the user to express how much they love the animal by clicking on them. The scammers may also post videos with text overlay talking about the animals being “not pretty” or “ugly.”


Fonte: Tenable, October 2021

By exploiting the sympathy of TikTok users to drum up engagement, scammers are effectively training the TikTok algorithm to show the scam accounts to even more TikTok users. The flywheel effect helps propel these accounts to earn more likes and follows in order to meet the 1,000-follower requirement necessary to go LIVE on TikTok.


Fonte: Tenable, October 2021

Alternatively, scammers may achieve the same 1,000-follower milestone by using stolen footage of TikTok dance challenges featuring attractive women. As with the animal videos, users that encounter these stolen videos and interact with them will be training the algorithm to help improve the reach of these fake accounts.

Fonte: Tenable, October 2021

Once they gain 1,000 followers and can use TikTok LIVE, the true scam begins.

TikTok Gifts: How scammers monetize their activity through creator rewards

TikTok provides multiple ways for creators to monetize their content, including its creator fund, the creator marketplace and LIVE gifting. For this study, I focused on how scammers are using LIVE gifting.

LIVE gifting is a feature within TikTok that allows fans and followers to send virtual gifts to creators during a TikTok LIVE stream. Fans use real-world currency to purchase “coins” on TikTok which they can then redeem for digital gifts — which are essentially tokens, such as a rose, a present or more extravagant gifts like a fireworks show or shooting stars — that they can then send to their favorite creators. When creators receive “gifts” they can be exchanged for virtual credits, called “diamonds,” which can then be withdrawn for local currency and be deposited into a PayPal account. For example, the image below shows various LIVE scam streams during which fans are gifting the creators with virtual gifts like roses.


Fonte: Tenable, October 2021

To take advantage of this legitimate revenue stream within TikTok, scammers use footage stolen from other sources, like Instagram, or from other creators on TikTok when they go LIVE. None of the videos the scammers use ever explicitly asks users to send LIVE gifts, but TikTok viewers of these fraudulent live streams will often send gifts to the scammers in hopes of gaining the attention of the supposed celebrities or content creators.


Fonte: Tenable, October 2021

In the image above, a fake TikTok account is using stolen live footage that has been repurposed for their stream. The panel at left shows the live stream, during which they receive hundreds of virtual gifts in the form of roses, wrapped presents and others. TikTok encourages users to show their support by sending a gift. The panel at center shows how many TikTok coins are needed to purchase each type of virtual gift. The panel at right shows the dollar value of coins; in U.S. dollars, TikTok coins cost approximately 1.5 cents each.

ItemPurchase Price - $USD (Each)Platform ValueTikTok Commission
TikTok Coin$0.015$0.0133%
Virtual Gift$0.01-$50.00$0.01-$50.00-
Diamondn/a$0.00550%

Users can spend anywhere from one coin to 5,000 coins to purchase virtual gifts for creators. When a creator accumulates enough gifts, they can trade them for diamonds, which are worth about half as much as a coin — or, basically, fractions of a penny. Every time a creator cashes in a diamond in exchange for fiat currency, it appears that TikTok takes a 50% cut.

The example above of a legitimate TikTok LIVE from Marc D’Amelio, Charli D’Amelio’s father, shows that a balance of 75,328 diamonds is equal to $376 USD, which values each diamond at $0.005, or half of one cent.

My study of these activities suggests scammers are abusing the TikTok LIVE feature to receive gifts in order to convert them into diamonds, and, ultimately, withdraw them into fiat currency. Since the TikTok coins are only worth fractions of a penny, this may seem like an arduous method of gaming the system, but the gifts can build quickly. For example, the typical half-hour LIVE streams I’ve studied can conservatively earn anywhere from 50 - 200 gifts; the longer the stream, the greater the number of gifts accumulated. Ambitious scammers using stolen footage and multiple creator profiles could potentially run hours of LIVE streams per day across multiple accounts, resulting in incremental revenue in exchange for very little effort.


Fonte: Tenable, October 2021

The above example shows a fake TikTok LIVE stream that received 788 roses from one viewer, which was the greatest number I’ve personally seen received through one of these scams. A rose costs a viewer one coin to purchase, so based on the valuation table above, 788 roses would be valued at $7.88 on the platform. However, these gifts would be deposited into the scammers accounts as diamonds, valuing them at $4 after TikTok’s commission. The 788 roses aren’t the only gifts these scammers received, as I believe they have likely earned more gifts during continuous LIVE streams, scaling the magnitude at which they’re able to scam monetary gains.

Promoting questionable products

In addition to taking advantage of the built-in LIVE gifting functionality, I’ve observed some scammers using LIVE streams to gain more visibility for their profiles, where they promote questionable products. This is not all that different from the scams I observed being peddled through TikTok advertisements last year, where scammers simply paid to promote the products.


Fonte: Tenable, October 2021

Similarly to my previous research, many of these scammers use a technique called dropshipping, where they source products from websites like AliExpress at low cost and re-sell them at a significant price markup through websites created on Shopify.


Fonte: Tenable, October 2021

As I cautioned in my previous research, the problem with dropshipping is that the customer may end up with no product or an incorrect one.


Fonte: Tenable, October 2021

In some cases, the scammers aren’t using their TikTok profiles to link to their own Shopify website. Instead, they are adding links that redirect users to send a message to WhatsApp Business accounts. While I did not engage with any of the WhatsApp business accounts I encountered, I suspect the scammers would use WhatsApp to direct users to their Shopify-branded page instead of doing so directly on TikTok.

Affiliate links to adult dating websites

Scammers also use TikTok LIVE to promote adult-dating websites through fake profiles. Users that visit the fake profiles are directed to adult dating websites via a unique affiliate identifier in the URL, which is used by the adult dating websites to track where the referral originated from. If a user signs up for an account on the linked website, the scammer earns a small commision for the referral.


Fonte: Tenable, October 2021

In the example above, the scammers repurposed stolen footage for their own TikTok LIVE stream. When I visited the account associated with the scam, I saw no videos associated with it. However, the username contains the word “animals” and has 119,000 likes, which suggests that at one time there had been videos associated with the account and the scammers have since removed them.


Fonte: Tenable, October 2021

In some instances, I found the scammers weren’t using stolen live video footage. Instead, they would feature a static image within the LIVE that says “18+” in it in order to pique the curiosity of their viewers so that they might visit their profile.


Fonte: Tenable, October 2021

This is a continuation of the adult dating scams I first observed on TikTok in 2019 except that it leverages the TikTok LIVE functionality to get onto the For You page instead.

The branding varies in these scams. I’ve seen scammers use branding like “TikTok For Sex” in landing pages as well as links to a mobile application called “PrivMe.” The landing pages are intermediary pages that mask the scammers tactics for traffic acquisition from the adult dating websites. In some instances, scammers are using branding associated with the popular service OnlyFans on the intermediary landing pages, as seen in the third panel on the image above. Even though the websites aren’t affiliated with OnlyFans, the scammers are merely playing off of a familiar brand to entice the user into completing a short survey..Once a user completes the survey, they are directed to the actual adult dating website called OnlyFlings, a play on the OnlyFans name as seen in the image above. The adult dating websites aren’t shy about using familiar branding, as I’ve written about websites like SnapCheat and Sinder being used in Instagram porn bot scams.


Fonte: Tenable, October 2021

For adult dating websites, scammers can earn anywhere between $3-4 USD for referring a lead to the adult dating website depending on the required user action. In some cases, if an affiliate offer includes Single Opt-In (SOI), scammers only need to convince users to provide basic information like their name and email address. Even a fake email address still counts as a lead and the scammer profits.

Addressing LIVE scams by improving reporting functionality

For TikTok and its users, the quickest solution for these scams is to leverage the built-in reporting functionality under the “Share” icon.


Fonte: Tenable, October 2021

In the case of obvious impersonations involving celebrities or noteworthy TikTok creators, users can select the “Pretending to be someone else” option. However, for other questionable TikTok LIVE content, there is no clear option for reporting scams. Users are only given a catch-all option called “Other.”


Fonte: Tenable, October 2021

This reporting functionality asks users to manually supply a description of the issue rather than providing predefined options. TikTok should provide granular reporting options here to make it easier to report these types of scams.


Fonte: Tenable, October 2021

The continuing maturation of scams on a growing platform

As someone that has been researching scams on social media for over a decade, I’ve seen what’s happening on TikTok before on Snapchat, Instagram, Twitter, and Facebook. As outlined in my first report on TikTok scams, a platform experiencing exponential growth brings not only users, but scammers as well. While these platforms work to handle the increasing number of users on its platform, they must also wrangle with scammers that find a niche for their scams that exploit users in order to enrich themselves.

In the two years since my original report, scammers have found unique and creative ways to get in front of TikTok users by taking advantage of the advertising platform and now with TikTok LIVE streams. The one billion monthly active user mark is a milestone for TikTok, but it serves as a reminder that scammers will continue to target users on its platform for the foreseeable future if Tik Tok does not provide better reporting options for its users and devotes more resources towards combating scams on its platform. It is akin to the proverbial cat and mouse game, where TikTok is the cat, but instead of a single mouse, there is a steady stream of mice.

Obtenha mais informações

Junte-se à equipe de resposta de segurança da Tenable na Tenable Community.

Artigos relacionados

As notícias de segurança cibernética mais relevantes

Informe seu e-mail e nunca mais perca os alertas oportunos e orientações de segurança dos especialistas da Tenable.

Tenable Vulnerability Management

Tenha acesso completo a uma plataforma moderna de gerenciamento de vulnerabilidades baseada na nuvem, que permite que você veja e rastreie todos os seus ativos com uma precisão sem precedentes.

Sua avaliação do Tenable Vulnerability Management também inclui o Tenable Lumin e o Tenable Web App Scanning.

Tenable Vulnerability Management

Tenha acesso completo a uma plataforma moderna de gerenciamento de vulnerabilidades baseada na nuvem, que permite que você veja e rastreie todos os seus ativos com uma precisão sem precedentes. Compre hoje a sua assinatura anual.

100 ativos

Escolha sua opção de assinatura:

Compre já

Tenable Vulnerability Management

Tenha acesso completo a uma plataforma moderna de gerenciamento de vulnerabilidades baseada na nuvem, que permite que você veja e rastreie todos os seus ativos com uma precisão sem precedentes.

Sua avaliação do Tenable Vulnerability Management também inclui o Tenable Lumin e o Tenable Web App Scanning.

Tenable Vulnerability Management

Tenha acesso completo a uma plataforma moderna de gerenciamento de vulnerabilidades baseada na nuvem, que permite que você veja e rastreie todos os seus ativos com uma precisão sem precedentes. Compre hoje a sua assinatura anual.

100 ativos

Escolha sua opção de assinatura:

Compre já

Tenable Vulnerability Management

Tenha acesso completo a uma plataforma moderna de gerenciamento de vulnerabilidades baseada na nuvem, que permite que você veja e rastreie todos os seus ativos com uma precisão sem precedentes.

Sua avaliação do Tenable Vulnerability Management também inclui o Tenable Lumin e o Tenable Web App Scanning.

Tenable Vulnerability Management

Tenha acesso completo a uma plataforma moderna de gerenciamento de vulnerabilidades baseada na nuvem, que permite que você veja e rastreie todos os seus ativos com uma precisão sem precedentes. Compre hoje a sua assinatura anual.

100 ativos

Escolha sua opção de assinatura:

Compre já

Experimente o Tenable Web App Scanning

Aproveite o acesso total à nossa mais recente oferta de verificação de aplicações Web, projetada para aplicações modernas, como parte da Plataforma de gerenciamento de exposição Tenable One. Verifique com segurança em busca de vulnerabilidades em todo o seu portfólio on-line com um alto grau de precisão sem grandes esforços manuais ou interrupção de aplicações Web críticas. Inscreva-se agora mesmo.

Sua avaliação do Tenable Web App Scanning também inclui o Tenable Vulnerability Management e o Tenable Lumin.

Comprar o Tenable Web App Scanning

Tenha acesso completo a uma plataforma moderna de gerenciamento de vulnerabilidades baseada na nuvem, que permite que você veja e rastreie todos os seus ativos com uma precisão sem precedentes. Compre hoje a sua assinatura anual.

5 FQDNs

US$ 3.578,00

Compre já

Avalie o Tenable Lumin

Visualize e explore o gerenciamento de exposição, acompanhe a redução de riscos ao longo do tempo e faça comparações com seus pares por meio do Tenable Lumin.

Sua avaliação do Tenable Lumin também inclui o Tenable Vulnerability Management e o Tenable Web App Scanning.

Compre o Tenable Lumin

Entre em contato com um representante de vendas para ver como o Tenable Lumin pode ajudar você a obter insights em toda a sua organização e gerenciar o risco cibernético.

Experimente o Tenable Nessus Professional gratuitamente

GRATUITO POR POR 7 DIAS

O Tenable Nessus é o verificador de vulnerabilidade mais abrangente do mercado atualmente.

NOVIDADE: Tenable Nessus Expert
Já disponível

O Nessus Expert adiciona ainda mais recursos, incluindo verificação de superfície de ataque externa e a capacidade de adicionar domínios e verificações de infraestrutura em nuvem. Clique aqui para testar o Nessus Expert.

Preencha o formulário abaixo para continuar com uma avaliação do Nessus Pro.

Comprar o Tenable Nessus Professional

O Tenable Nessus é o verificador de vulnerabilidade mais abrangente do mercado atualmente. O Tenable Nessus Professional ajudará a automatizar o processo de verificação de vulnerabilidades, economizar tempo nos ciclos de conformidade e permitir que você envolva sua equipe de TI.

Compre uma licença para vários anos e economize. Inclua o Suporte avançado para ter acesso ao suporte por telefone, pela comunidade e por bate-papo 24 horas por dia, 365 dias por ano.

Selecione sua licença

Compre uma licença para vários anos e economize.

Adicionar suporte e treinamento

Experimente o Tenable Nessus Expert gratuitamente

GRÁTIS POR 7 DIAS

Desenvolvido para a superfície de ataque moderna, o Nessus Expert permite ver mais e proteger sua organização de vulnerabilidades, da TI à nuvem.

Já adquiriu o Tenable Nessus Professional?
Atualize para o Nessus Expert gratuitamente por 7 dias.

Comprar o Tenable Nessus Expert

Desenvolvido para a superfície de ataque moderna, o Nessus Expert permite ver mais e proteger sua organização de vulnerabilidades, da TI à nuvem.

Selecione sua licença

Compre uma licença para vários anos e economize mais.

Adicionar suporte e treinamento