TikTok is supposed to be the app that makes social media fun and pure again. Launched in the U.S. about a year ago, the platform for short-form videos is where Lil Nas X’s feel-good hit “Old Town Road” first got traction, where the “motherfucking tea” meme flourished, and where former Vine stars have found a home. The app, which is owned by the Chinese company ByteDance, includes an endlessly scrolling, algorithmically curated feed of videos that users can swipe through—an addictive interface that has helped attract more than 14 million U.S. users, a huge chunk of them teens and children. But there is no such thing as innocence on social media. Like its more established peers, TikTok is showing early signs of a scammer infestation.
Satnam Narang, a researcher at the cybersecurity firm Tenable, released a report Wednesday outlining three types of scams he’s discovered on the platform since he started monitoring it in March. “These scams are still in their infancy, and it’s been interesting to watch it progress over the last several months,” Narang said in an interview. “Similar to how you would have advertisers looking at opportunities to promote ads on a platform like TikTok, scammers see it the same way. They’re just looking at ways to monetize.”
The first type of misleading content described in the report takes advantage of a vulnerability that predates the internet: the libido. Narang observed how grifters have uploaded videos of nearly nude women—which they’ve lifted from other websites—with captions that try to entice users to view even more erotic content on Snapchat. For example, a video of a woman in a bikini might include the caption “Maybe u come help me sleeping? Wait u in Snapchat” or “More n.u.d.e items in my Snapchat.” Once users navigate to the associated Snapchat accounts, they’ll usually find sexual stories and pictures. In some cases, the accounts will advertise adult dating websites, which pay out more than $50 to scammers who direct paying users to their sites. Some TikTok accounts, however, will advertise “premium” Snapchat accounts essentially promising porn, which users usually have to pay $10 to access.
Narang suspects that, once they pay to access the account, users likely won’t get the content they were promised, though he isn’t quite sure. “I can’t verify what happens after you pay, because I didn’t want to pay my own money for that,” he said. He also theorizes that the scammers try to migrate their targets over to Snapchat because that platform doesn’t require a phone number to send messages, unlike TikTok, so it’s a safer place for pulling off shady marketing schemes.
Another TikTok scam that Narang unearthed involves offering users a quick and easy way to gain followers, a ruse that has proliferated on other platforms like Twitter. The scheme, which is reportedly common in India, works by presenting users with videos advertising the opportunity to gain thousands of followers and likes. One iteration of the scam has the user buy the followers. Another offers followers for free in exchange for downloading an application, such as iHeartRadio or Postmates. Similar to the adult-dating-site arrangement, scammers get $0.60 for every user they convince to download the apps. Often the users themselves won’t get any followers, and other times they’ll get follows from bots or fake accounts. “When you look at those followers that are being delivered, they have very strange names, a bunch of random characters, no profile pictures,” said Narang. “So you know they’re fake.”
Not all the scams Narang discovered were motivated by profits. Sometimes the scammers themselves just wanted more followers, not money. An increasingly popular and devious way to increase follower counts is to assume the identity of a popular TikTok star and feed off the celebrity. Scammers will take viral videos and upload them to their own accounts. Sometimes they almost perfectly duplicate a famous creator’s main account using accents and symbols to slightly alter the username, and other times they’ll claim it’s a backup account operated by the original creator. In one case, Narang found that a scammer impersonating the social media celebrity Liza Koshy was able to obtain a “verified account” badge, making it even harder for users to find the real account. Once scammers gain enough followers, they’ll often convert the impersonation account to a personal one and start uploading original content.
Asked to comment on the report, a TikTok spokesperson shared this statement:
TikTok has strict policies safeguarding users against fake, fraudulent or misleading content. We flag and remove most spam accounts before they can reach users’ feeds, and we continuously improve our protections, even as malicious actors work to evade our safeguards. TikTok had already removed all of the accounts identified as spam before [Narang’s report] was published. As part of our regular process, we constantly review the tactics of malicious accounts to further strengthen our systems. For more, see our Community Guidelines: https://www.tiktok.com/safety/policies/ and specifically note the section entitled “Impersonation, spam, scams, or other misleading content.”
Though the accounts mentioned in the report have been suspended, you can still find more like them by searching for hashtags such as “#freefollowers” or accounts associated with popular users like Loren Gray. As is the case with any successful social media platform, TikTok can look forward to playing a long and frustrating game of whack-a-mole in the years to come.