In brief
- CTM360 identified a "ClickTok" campaign using over 10,000 fake domains that mimic TikTok Shop to steal user credentials and distribute malware through phishing pages and trojanized apps.
- Scammers deploy fake Meta ads and AI-generated TikTok videos mimicking influencers to direct victims to fraudulent storefronts offering heavily discounted products paid for with cryptocurrency.
- The campaign targets TikTok Shop Affiliate Program participants globally through advance fee scams and social engineering tactics on WhatsApp and Telegram.
Crypto scammers are increasingly targeting a new platform: TikTok.
According to a report by the cybersecurity firm CTM360, fraudsters are deploying "sophisticated tactics" to deceive victims.
A new campaign called "ClickTok" blends phishing and malware, preying on unsuspecting users attempting to make purchases through TikTok Shop.
Fake ads on Meta, as well as AI-generated TikTok clips mimicking influencers, are used to draw people in. They are then directed to fraudulent domains that closely resemble legitimate URLs.
"These domains serve two main purposes: hosting phishing pages designed to steal user credentials and distributing trojanized apps," the report explains.
More than 10,000 fake sites have been identified to date—and even though TikTok Shop is only available in 17 countries, victims are being targeted worldwide.
When a user interacts with a fraudulent storefront, they often encounter fake product listings—with "urgency tactics" deployed so shoppers make rash decisions, like timers counting down the minutes until a sale expires. From here, they are told to deposit crypto.
The products on offer are often heavily discounted, making deals seem too good to be true. Tether is a widely accepted payment method accepted by the scammers, according to the report.
"The core motive is fraudulent financial gain, exploiting the trust in online shopping, affiliate earnings, and the irreversibility of certain payment methods," the researchers wrote.
"Advance fee scams" are also common, which primarily target people involved in the TikTok Shop Affiliate Program. Here, victims are encouraged to "top up" bogus crypto wallets, shown fake earnings, and promised commissions that never arrive.
CTM360 went on to warn that social engineering tactics are also being deployed, with victims approached on WhatsApp and Telegram by fraudsters masquerading as "TikTok affiliates."
The report is a concerning development given TikTok's users trend younger than other social networks, with the Pew Research Center finding that 18 to 34-year-olds—who may be more susceptible to scams—are "more likely" to use this social network.
It's also a sign that cybercriminals are beginning to diversify beyond executing scams on Facebook and X.