In 2020, the Indian government blocked the Chinese video-sharing app TikTok. As a result of the block, people wanting to use the app resorted to different methods of accessing it. In the years since, it seems, hackers attempting to benefit from the situation have been sending out smishing links that promise to redirect users to the ‘professional version’ of TikTok but, in reality, send victims to malware downloads designed to steal sensitive data.
What is Smishing?
Smishing is a form of phishing in which hackers send SMS or text messages from purportedly trusted sources to dupe victims into clicking a tainted link or giving them personal data. Posing as government agencies, banks, or even family members, criminals deploy social engineering techniques to lure victims into handing over financial information, login credentials, Social Security numbers, and other sensitive data. Victims who fall prey to smishing attacks can have their identities stolen, bank accounts looted, or end up with malware installed on their phones.
Banks and law enforcement agencies globally are warning that fraudulent text messages are becoming more numerous and sophisticated. Between January 1, 2019 and March 31, 2020, citizens in England, Wales and Northern Ireland reported 98,055 instances of phone-enabled schemes to Action Fraud, the UK reporting centre for fraud and cybercrime.
Unsuspecting Indian victims have been receiving the phony TikTok messages through both SMS and WhatsApp. The messages are generally similar and are followed by a link where the recipient can download the TikTok Pro APK file. Once the malicious file is downloaded, the app shows the genuine TikTok app’s icon and asks for several permissions, including access to the microphone, camera, and image gallery. Once the user gives permission, the app stays on the phone and begins stealing user ID and social media profile credentials.
Since the Indian government blocked access to the TikTok app on both Google Play and the App Store, users, unfortunately, have turned to illegal ways of accessing the app and have found themselves victimized by infected versions of the app.
To avoid installing malicious or fake apps, users should educate themselves on how to identify fake apps and pay extra attention to details such as checking an app’s description before downloading, sticking to official app stores and checking out who the developer is. Using a reliable mobile anti-malware tool may also help prevent fake and malicious apps from getting installed on one’s phone.
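The lure described above (a message naming the app, followed by a link to an APK file) and the advice to stick to official app stores can be turned into a simple message check. The following is an added example, not part of the original article; the store host list, the sample messages and the function name triage_message are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption for this example: hosts treated as official app stores.
OFFICIAL_STORE_HOSTS = {"play.google.com", "apps.apple.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Brand named in the article; matches "TikTok", "Tik Tok" and "TikTok Pro".
LURE_RE = re.compile(r"tik\s?tok(\s+pro)?", re.IGNORECASE)

def triage_message(text):
    """Return the reasons an SMS/WhatsApp message looks like an app-install lure."""
    reasons = []
    mentions_brand = bool(LURE_RE.search(text))
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?)")          # drop trailing sentence punctuation
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        # A link straight to an .apk file bypasses store review entirely.
        if parsed.path.lower().endswith(".apk"):
            reasons.append(f"direct APK download: {host}")
        # Exact host match, so look-alike hosts are not accepted as a store.
        if mentions_brand and host not in OFFICIAL_STORE_HOSTS:
            reasons.append(f"app offered outside official stores: {host}")
    return reasons

# Constructed sample messages (reserved .example domains, not real indicators).
SAMPLES = [
    "Enjoy TikTok videos again! Download TikTok Pro now: "
    "http://tiktok-pro.example/TikTok_pro.apk",
    "TikTok is on Google Play: "
    "https://play.google.com/store/apps/details?id=com.example.app",
    "Lunch at 1pm? Menu here: https://cafe.example/menu",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        verdict = triage_message(msg) or ["no lure indicators"]
        print(f"{msg[:45]!r:50} -> {verdict}")
```

An empty result only means none of these two indicators fired; it is not a verdict that the message is safe.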