Tenable Blog

TikTok LIVE Scams: Stolen Live Footage Used to Earn TikTok Gifts, Promote Scams to Make Money

Stolen video footage of celebrities, content creators and others is being used by scammers in TikTok LIVE streams to earn TikTok gifts, peddle questionable products and drive users to adult dating websites.

Background

Since April 2021, I’ve been following highly motivated scammers who have been exploiting the sympathy of TikTok users and using stolen video content to amass enough followers to go LIVE on TikTok. The video content is being stolen from well-known celebrities like Dwayne “The Rock” Johnson, content creators like Charli D’Amelio (below), and countless others to fleece TikTok users and the platform itself by abusing TikTok’s LIVE functionality.

The scammers replay these stolen clips in their own TikTok LIVE streams to make money through three types of plays:

  • TikTok LIVE Gifts - digital gifts given to creators by fans that can be redeemed for cash
  • Promotion of questionable products - often sold at steep markup through dropshipping services
  • Affiliate links to adult dating websites - scammers earn money for each referral

Below, I’ll detail how each of these tactics is used by scammers to leverage TikTok’s platform to gain incremental revenue. While these scams are hardly “get rich quick” schemes, they can amount to a steady stream of revenue for scammers through different methods, and in the case of LIVE gifts, a way to bleed TikTok users of pennies at a time while staying under the radar of site moderators. Before I do that, though, let’s review the basic TikTok features these scams are designed to exploit.


Source: Tenable, October 2021

Two years ago, I published research highlighting how growing platforms like TikTok can become havens for scammers, and how the rise of impersonation accounts on the platform was being fueled by the social currency of likes and followers. Since then, TikTok has reached a milestone of 1 billion monthly active users and has overtaken YouTube for average watch time per user in the United States and the United Kingdom. So, it’s no surprise that scam activity is on the rise in new and creative ways.

TikTok’s For You page remains the holy grail for scammers

Last year, I highlighted how the algorithm that powers TikTok’s For You page became a linchpin for advertising scams on the platform, where scammers paid for placement on TikTok’s For You page. Now, scammers are finding their way to the coveted For You page by abusing TikTok’s LIVE functionality, a feature reserved for TikTok accounts that have amassed a minimum of 1,000 followers.

As with other social platforms, such as Instagram, when a popular creator goes live, users who are eager to engage directly with them tune in. Scammers take this live engagement to the next level by using stolen video footage from sources like Instagram and fake accounts to end up on the For You page, as I detail in the next section.

Impersonation: Celebrities, noteworthy content creators and others


Source: Tenable, October 2021

Scammers have been going live on fake TikTok accounts, leveraging stolen, likely screen-recorded video footage obtained from Instagram Live or other sources of celebrities such as Dwayne “The Rock” Johnson, Avril Lavigne and Chris Pratt, as well as popular TikTok creators like Charli D’Amelio, who has the largest following on TikTok, and Bella Poarch, who has the most popular video on TikTok.


Source: Tenable, October 2021

Celebrities aren’t the only targets for impersonators. Scammers have also been using a miscellany of stolen live footage from other creators who draw a significant audience like Jeremiah Warlick (Rubber Band Man), Michael Jackson impersonators as well as other attention-grabbing types of content, such as unidentified girls crying, autonomous sensory meridian response (ASMR)-related content, caricature artists drawing people, footage of scrap metal machines being fed a variety of parts and high-speed chases with unrelated audio.


Source: Tenable, October 2021

Scammers exploit sympathy, use stolen videos to game the system

As mentioned earlier, a TikTok account is only capable of going LIVE once it has reached the 1,000-follower requirement. While there are 1 billion monthly active users on the platform, it takes time for legitimate content creators to gain such a following. In studying their behavior, I discovered that scammers rely on two methods of gaming the system in order to gain enough followers to go LIVE: exploiting the sympathy of TikTok users and using stolen video content from other creators.

Generally, when users encounter one of these TikTok LIVE scams on their For You page, the fake accounts have been wiped clean of any content in an effort to mask how they gained their following, which can be seen in the first panel in the image below. However, I’ve found accounts that failed to remove video content, as in the second panel in the image below, which provided me insight into how a sympathy play is used to gain followers.


Source: Tenable, October 2021

Many of these fake accounts use video footage of animals, such as dogs or cats that appear to have been abused or disabled. The scammers overlay the footage of these animals with text like:

  • “Will you kill me gor (sic) $5?”
  • “How much do you love me”
  • “Scroll if you hate disabled cats”
  • “Scroll if u (sic) think I’m scary”


Source: Tenable, October 2021

The text is meant to challenge the user to engage with the content rather than scrolling past it. It asks the user to “like, follow and chare (sic)” the video. In some of the videos, the scammers use text overlay to assign arbitrary values to the follow, like, comment and share buttons and ask the user to express how much they love the animal by clicking on them. The scammers may also post videos with text overlay talking about the animals being “not pretty” or “ugly.”


Source: Tenable, October 2021

By exploiting the sympathy of TikTok users to drum up engagement, scammers are effectively training the TikTok algorithm to show the scam accounts to even more TikTok users. The flywheel effect helps propel these accounts to earn more likes and follows in order to meet the 1,000-follower requirement necessary to go LIVE on TikTok.


Source: Tenable, October 2021

Alternatively, scammers may achieve the same 1,000-follower milestone by using stolen footage of TikTok dance challenges featuring attractive women. As with the animal videos, users who encounter these stolen videos and interact with them will be training the algorithm to improve the reach of these fake accounts.

Source: Tenable, October 2021

Once they gain 1,000 followers and can use TikTok LIVE, the true scam begins.

TikTok Gifts: How scammers monetize their activity through creator rewards

TikTok provides multiple ways for creators to monetize their content, including its creator fund, the creator marketplace and LIVE gifting. For this study, I focused on how scammers are using LIVE gifting.

LIVE gifting is a feature within TikTok that allows fans and followers to send virtual gifts to creators during a TikTok LIVE stream. Fans use real-world currency to purchase “coins” on TikTok which they can then redeem for digital gifts — which are essentially tokens, such as a rose, a present or more extravagant gifts like a fireworks show or shooting stars — that they can then send to their favorite creators. When creators receive “gifts” they can be exchanged for virtual credits, called “diamonds,” which can then be withdrawn for local currency and be deposited into a PayPal account. For example, the image below shows various LIVE scam streams during which fans are gifting the creators with virtual gifts like roses.


Source: Tenable, October 2021

To take advantage of this legitimate revenue stream within TikTok, scammers use footage stolen from other sources, like Instagram, or from other creators on TikTok when they go LIVE. None of the videos the scammers use ever explicitly asks users to send LIVE gifts, but TikTok viewers of these fraudulent live streams will often send gifts to the scammers in hopes of gaining the attention of the supposed celebrities or content creators.

 
Source: Tenable, October 2021

In the image above, a fake TikTok account is using stolen live footage that has been repurposed for their stream. The panel at left shows the live stream, during which they receive hundreds of virtual gifts in the form of roses, wrapped presents and others. TikTok encourages users to show their support by sending a gift. The panel at center shows how many TikTok coins are needed to purchase each type of virtual gift. The panel at right shows the dollar value of coins; in U.S. dollars, TikTok coins cost approximately 1.5 cents each.

| Item | Purchase Price - $USD (Each) | Platform Value | TikTok Commission |
| --- | --- | --- | --- |
| TikTok Coin | $0.015 | $0.01 | 33% |
| Virtual Gift | $0.01-$50.00 | $0.01-$50.00 | - |
| Diamond | n/a | $0.005 | 50% |

Users can spend anywhere from one coin to 5,000 coins to purchase virtual gifts for creators. When a creator accumulates enough gifts, they can trade them for diamonds, which are worth about half as much as a coin — or, basically, fractions of a penny. Every time a creator cashes in a diamond in exchange for fiat currency, it appears that TikTok takes a 50% cut.

The example above of a legitimate TikTok LIVE from Marc D’Amelio, Charli D’Amelio’s father, shows that a balance of 75,328 diamonds is equal to $376 USD, which values each diamond at $0.005, or half of one cent.

My study of these activities suggests scammers are abusing the TikTok LIVE feature to receive gifts in order to convert them into diamonds and, ultimately, withdraw them as fiat currency. Since TikTok coins are only worth fractions of a penny, this may seem like an arduous method of gaming the system, but the gifts can build quickly. For example, the typical half-hour LIVE streams I’ve studied can conservatively earn anywhere from 50 to 200 gifts; the longer the stream, the greater the number of gifts accumulated. Ambitious scammers using stolen footage and multiple creator profiles could potentially run hours of LIVE streams per day across multiple accounts, resulting in incremental revenue in exchange for very little effort.


Source: Tenable, October 2021

The above example shows a fake TikTok LIVE stream that received 788 roses from one viewer, which was the greatest number I’ve personally seen received through one of these scams. A rose costs a viewer one coin to purchase, so based on the valuation table above, 788 roses would be valued at $7.88 on the platform. However, these gifts would be deposited into the scammers’ accounts as diamonds, valuing them at $4 after TikTok’s commission. The 788 roses aren’t the only gifts these scammers received, as I believe they have likely earned more gifts during continuous LIVE streams, increasing the amount they are able to take in.
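To tie the valuation table to the 788-rose example and the half-hour gift counts above, here is an added Python model (not code from the Tenable post) that carries a gift stream from viewer spend through coins, platform value and diamonds using only the figures given in the article; the stream schedule in daily_estimate is a constructed scenario, not a measurement.

```python
# Added example: TikTok LIVE gift economics, modeled from the article's figures.
# Only the rose (1 coin) is taken from the article; other gift prices passed in
# by the caller are constructed. Assumption: one coin gifted yields one diamond.

COIN_PRICE_USD = 0.015       # viewer pays ~1.5 cents per coin
COIN_PLATFORM_VALUE = 0.01   # value of a coin on the platform after TikTok's ~33% cut
DIAMOND_VALUE_USD = 0.005    # withdrawal value of one diamond (50% of a coin)
MIN_GIFT_COINS, MAX_GIFT_COINS = 1, 5000   # gift price range stated in the article


def diamond_value_from_balance(diamonds: int, payout_usd: float) -> float:
    """Back out the per-diamond value from a visible balance (75,328 diamonds = $376)."""
    if diamonds <= 0:
        raise ValueError("diamond balance must be positive")
    return payout_usd / diamonds


def gift_stream_payout(gifts: dict[str, int], coin_cost: dict[str, int]) -> dict[str, float]:
    """Follow the money for one stream: what viewers paid, what the gifts are
    worth on the platform, and what the streamer can withdraw as diamonds."""
    coins = 0
    for name, count in gifts.items():
        cost = coin_cost[name]
        if not MIN_GIFT_COINS <= cost <= MAX_GIFT_COINS:
            raise ValueError(f"gift {name!r} priced outside {MIN_GIFT_COINS}-{MAX_GIFT_COINS} coins")
        coins += count * cost
    viewer_spend = coins * COIN_PRICE_USD          # real money leaving viewers' wallets
    platform_value = coins * COIN_PLATFORM_VALUE   # value after the coin-purchase cut
    streamer_payout = coins * DIAMOND_VALUE_USD    # 1 diamond per coin, 50% cut on withdrawal
    return {
        "coins": coins,
        "viewer_spend_usd": round(viewer_spend, 2),
        "platform_value_usd": round(platform_value, 2),
        "streamer_payout_usd": round(streamer_payout, 2),
        "tiktok_take_usd": round(viewer_spend - streamer_payout, 2),
    }


def daily_estimate(gifts_per_half_hour: int, hours_per_day: float, accounts: int) -> dict[str, float]:
    """Scale the article's 50-200 gifts per half-hour stream across a day and
    several accounts, conservatively treating every gift as a 1-coin rose."""
    half_hour_blocks = int(hours_per_day * 2)
    gifts = gifts_per_half_hour * half_hour_blocks * accounts
    return {"gifts": gifts, "streamer_payout_usd": round(gifts * DIAMOND_VALUE_USD, 2)}


if __name__ == "__main__":
    print(gift_stream_payout({"rose": 788}, {"rose": 1}))
    print(round(diamond_value_from_balance(75_328, 376), 4))
    print(daily_estimate(gifts_per_half_hour=100, hours_per_day=4, accounts=5))
```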

Promoting questionable products

In addition to taking advantage of the built-in LIVE gifting functionality, I’ve observed some scammers using LIVE streams to gain more visibility for their profiles, where they promote questionable products. This is not all that different from the scams I observed being peddled through TikTok advertisements last year, where scammers simply paid to promote the products.


Source: Tenable, October 2021

As in my previous research, many of these scammers use a technique called dropshipping, where they source products from websites like AliExpress at low cost and re-sell them at a significant price markup through websites created on Shopify.


Source: Tenable, October 2021

As I cautioned in my previous research, the problem with dropshipping is that the customer may end up with no product or an incorrect one.


Source: Tenable, October 2021

In some cases, the scammers aren’t using their TikTok profiles to link to their own Shopify website. Instead, they are adding links that redirect users to send a message to WhatsApp Business accounts. While I did not engage with any of the WhatsApp business accounts I encountered, I suspect the scammers would use WhatsApp to direct users to their Shopify-branded page instead of doing so directly on TikTok.

Affiliate links to adult dating websites

Scammers also use TikTok LIVE to promote adult-dating websites through fake profiles. Users who visit the fake profiles are directed to adult dating websites via a unique affiliate identifier in the URL, which the adult dating websites use to track where the referral originated. If a user signs up for an account on the linked website, the scammer earns a small commission for the referral.

 
Source: Tenable, October 2021

In the example above, the scammers repurposed stolen footage for their own TikTok LIVE stream. When I visited the account associated with the scam, I saw no videos associated with it. However, the username contains the word “animals” and has 119,000 likes, which suggests that at one time there had been videos associated with the account and the scammers have since removed them.

 
Source: Tenable, October 2021

In some instances, I found the scammers weren’t using stolen live video footage. Instead, they would feature a static image within the LIVE that reads “18+” in order to pique the curiosity of their viewers so that they might visit their profile.

 
Source: Tenable, October 2021

This is a continuation of the adult dating scams I first observed on TikTok in 2019 except that it leverages the TikTok LIVE functionality to get onto the For You page instead.

The branding varies in these scams. I’ve seen scammers use branding like “TikTok For Sex” on landing pages as well as links to a mobile application called “PrivMe.” The landing pages are intermediary pages that mask the scammers’ traffic-acquisition tactics from the adult dating websites. In some instances, scammers are using branding associated with the popular service OnlyFans on the intermediary landing pages, as seen in the third panel of the image above. Even though the websites aren’t affiliated with OnlyFans, the scammers are merely playing off of a familiar brand to entice the user into completing a short survey. Once a user completes the survey, they are directed to the actual adult dating website, called OnlyFlings, a play on the OnlyFans name, as seen in the image above. The adult dating websites aren’t shy about using familiar branding, as I’ve written about websites like SnapCheat and Sinder being used in Instagram porn bot scams.

 
Source: Tenable, October 2021

For adult dating websites, scammers can earn anywhere between $3-4 USD for referring a lead to the adult dating website depending on the required user action. In some cases, if an affiliate offer includes Single Opt-In (SOI), scammers only need to convince users to provide basic information like their name and email address. Even a fake email address still counts as a lead and the scammer profits.

Addressing LIVE scams by improving reporting functionality

For TikTok and its users, the quickest solution for these scams is to leverage the built-in reporting functionality under the “Share” icon.

 
Source: Tenable, October 2021

In the case of obvious impersonations involving celebrities or noteworthy TikTok creators, users can select the “Pretending to be someone else” option. However, for other questionable TikTok LIVE content, there is no clear option for reporting scams. Users are only given a catch-all option called “Other.”

 
Source: Tenable, October 2021

This reporting functionality asks users to manually supply a description of the issue rather than providing predefined options. TikTok should provide granular reporting options here to make it easier to report these types of scams.

 
Source: Tenable, October 2021

The continuing maturation of scams on a growing platform

As someone who has been researching scams on social media for over a decade, I’ve seen what’s happening on TikTok before on Snapchat, Instagram, Twitter, and Facebook. As outlined in my first report on TikTok scams, a platform experiencing exponential growth brings not only users, but scammers as well. While these platforms work to handle the increasing number of users, they must also grapple with scammers who find a niche for scams that exploit users in order to enrich themselves.

In the two years since my original report, scammers have found unique and creative ways to get in front of TikTok users, first by taking advantage of the advertising platform and now through TikTok LIVE streams. The one billion monthly active user mark is a milestone for TikTok, but it serves as a reminder that scammers will continue to target users on its platform for the foreseeable future if TikTok does not provide better reporting options for its users and devote more resources towards combating scams on its platform. It is akin to the proverbial cat and mouse game, where TikTok is the cat, but instead of a single mouse, there is a steady stream of mice.

Get more information

Join Tenable's Security Response Team on the Tenable Community.
