Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable 部落格


TikTok LIVE Scams: Stolen Live Footage Used to Earn TikTok Gifts, Promote Scams to Make Money

Stolen video footage of celebrities, content creators and others is being used by scammers in TikTok LIVE streams to earn TikTok gifts, peddle questionable products and drive users to adult dating websites.


Since April 2021, I’ve been following highly motivated scammers who have been exploiting the sympathy of TikTok users and using stolen video content to amass enough followers to go LIVE on TikTok. The video content is being stolen from well known celebrities like Dwayne “The Rock” Johnson, content creators like Charli D’Amelio (below), and countless others to fleece TikTok users and the platform itself by abusing TikTok’s LIVE functionality.

The scammers exploit stolen footage from these celebrities and content creators using the stolen clips on their own TikTok LIVE streams to make money through three types of plays:

  • TikTok LIVE Gifts - digital gifts given to creators by fans that can be redeemed for cash
  • Promotion of questionable products - often sold at steep markup through dropshipping services
  • Affiliate links to adult dating websites - scammers earn money for each referral

Below, I’ll detail how each of these tactics is used by scammers to leverage TikTok’s platform to gain incremental revenue. While these scams are hardly “get rich quick” schemes, they can amount to a steady stream of revenue for scammers through different methods, and in the case of LIVE gifts, a way to bleed TikTok users of pennies at a time while staying under the radar of site moderators. Before I do that, though, let’s review the basic TikTok features these scams are designed to exploit.

資料來源:Tenable, October 2021

Two years ago, I published research highlighting how growing platforms like TikTok can become havens for scammers, and how the rise of impersonation accounts on the platform were being fueled by the social currency of likes and followers. Since then, TikTok has reached a milestone of 1 billion monthly active users and has overtaken YouTube for average watch time per user in the United States and the United Kingdom. So, it’s no surprise that scam activity is on the rise in new and creative ways.

TikTok’s For You page remains the holy grail for scammers

Last year, I highlighted how the algorithm that powers Tik Tok’s For You page became a linchpin for advertising scams on the platform, where scammers paid for placement on TikTok’s For You page. Now, scammers are finding their way to the coveted For You page by abusing TikTok’s LIVE functionality, a feature designated for those TikTok who have amassed a minimum of 1,000 followers.

As with other social platforms, such as Instagram, when a popular creator goes live, users that are eager to engage directly with them tune in. Scammers take this live engagement to the next level by using stolen video footage from sources like Instagram, and using fake accounts to end up on the For You page, as I detail in the next section.

Impersonation: Celebrities, noteworthy content creators and others

資料來源:Tenable, October 2021

Scammers have been going live on fake TikTok accounts, leveraging stolen, likely screen recorded video footage obtained from Instagram Live or other sources of celebrities such as Dwayne “The Rock” Johnson, Avril Lavigne and Chris Pratt, as well as popular TikTok creators like Charli D’Amelio, who has the largest following on TikTok, and Bella Poarch, who has the most popular video on TikTok.

資料來源:Tenable, October 2021

Celebrities aren’t the only targets for impersonators. Scammers have also been using a miscellany of stolen live footage from other creators who draw a significant audience like Jeremiah Warlick (Rubber Band Man), Michael Jackson impersonators as well as other attention-grabbing types of content, such as unidentified girls crying, autonomous sensory meridian response (ASMR)-related content, caricature artists drawing people, footage of scrap metal machines being fed a variety of parts and high-speed chases with unrelated audio.

資料來源:Tenable, October 2021

Scammers exploit sympathy, use stolen videos to game the system

As mentioned earlier, a TikTok account is only capable of going LIVE once it has reached the 1,000 follower requirement. While there are 1 billion monthly active users on the platform, it takes time for legitimate content creators to gain such a following. In studying their behavior, I discovered how scammers are relying on two methods of gaming the system in order to gain enough followers to go LIVE: Exploiting the sympathy of TikTok users and using stolen video content from other creators.

Generally, when users encounter one of these TikTok LIVE scams on their For You page, the fake accounts have been wiped clean of any content in an effort to mask how they gained their following, which can be seen in the first panel in the image below. However, I’ve found accounts that failed to remove video content, as in the second panel in the image below, which provided me insight into how a sympathy play is used to gain followers.

資料來源:Tenable, October 2021

Many of these fake accounts use video footage of animals, such as dogs or cats that appear to have been abused or disabled. The scammers overlay the footage of these animals with text like:

  • “Will you kill me gor (sic) $5?”
  • “How much do you love me”
  • “Scroll if you hate disabled cats”
  • “Scroll if u (sic) think I’m scary”

資料來源:Tenable, October 2021

The text is meant to challenge the user to engage with the content rather than scrolling past it. It asks the user to “like, follow and chare (sic)” the video. In some of the videos, the scammers use text overlay to assign arbitrary values to the follow, like, comment and share buttons and ask the user to express how much they love the animal by clicking on them. The scammers may also post videos with text overlay talking about the animals being “not pretty” or “ugly.”

資料來源:Tenable, October 2021

By exploiting the sympathy of TikTok users to drum up engagement, scammers are effectively training the TikTok algorithm to show the scam accounts to even more TikTok users. The flywheel effect helps propel these accounts to earn more likes and follows in order to meet the 1,000-follower requirement necessary to go LIVE on TikTok.

資料來源:Tenable, October 2021

Alternatively, scammers may achieve the same 1,000-follower milestone by using stolen footage of TikTok dance challenges featuring attractive women. As with the animal videos, users that encounter these stolen videos and interact with them will be training the algorithm to help improve the reach of these fake accounts.

資料來源:Tenable, October 2021

Once they gain 1,000 followers and can use TikTok LIVE, the true scam begins.

TikTok Gifts: How scammers monetize their activity through creator rewards

TikTok provides multiple ways for creators to monetize their content, including its creator fund, the creator marketplace and LIVE gifting. For this study, I focused on how scammers are using LIVE gifting.

LIVE gifting is a feature within TikTok that allows fans and followers to send virtual gifts to creators during a TikTok LIVE stream. Fans use real-world currency to purchase “coins” on TikTok which they can then redeem for digital gifts — which are essentially tokens, such as a rose, a present or more extravagant gifts like a fireworks show or shooting stars — that they can then send to their favorite creators. When creators receive “gifts” they can be exchanged for virtual credits, called “diamonds,” which can then be withdrawn for local currency and be deposited into a PayPal account. For example, the image below shows various LIVE scam streams during which fans are gifting the creators with virtual gifts like roses.

資料來源:Tenable, October 2021

To take advantage of this legitimate revenue stream within TikTok, scammers use footage stolen from other sources, like Instagram, or from other creators on TikTok when they go LIVE. None of the videos the scammers use ever explicitly asks users to send LIVE gifts, but TikTok viewers of these fraudulent live streams will often send gifts to the scammers in hopes of gaining the attention of the supposed celebrities or content creators.

資料來源:Tenable, October 2021

In the image above, a fake TikTok account is using stolen live footage that has been repurposed for their stream. The panel at left shows the live stream, during which they receive hundreds of virtual gifts in the form of roses, wrapped presents and others. TikTok encourages users to show their support by sending a gift. The panel at center shows how many TikTok coins are needed to purchase each type of virtual gift. The panel at right shows the dollar value of coins; in U.S. dollars, TikTok coins cost approximately 1.5 cents each.

Item Purchase Price - $USD (Each) Platform Value TikTok Commission
TikTok Coin $0.015 $0.01 33%
Virtual Gift $0.01-$50.00 $0.01-$50.00 -
钻石级 n/a $0.005 50%

Users can spend anywhere from one coin to 5,000 coins to purchase virtual gifts for creators. When a creator accumulates enough gifts, they can trade them for diamonds, which are worth about half as much as a coin — or, basically, fractions of a penny. Every time a creator cashes in a diamond in exchange for fiat currency, it appears that TikTok takes a 50% cut.

The example above of a legitimate TikTok LIVE from Marc D’Amelio, Charli D’Amelio’s father, shows that a balance of 75,328 diamonds is equal to $376 USD, which values each diamond at $0.005, or half of one cent.

My study of these activities suggests scammers are abusing the TikTok LIVE feature to receive gifts in order to convert them into diamonds, and, ultimately, withdraw them into fiat currency. Since the TikTok coins are only worth fractions of a penny, this may seem like an arduous method of gaming the system, but the gifts can build quickly. For example, the typical half-hour LIVE streams I’ve studied can conservatively earn anywhere from 50 - 200 gifts; the longer the stream, the greater the number of gifts accumulated. Ambitious scammers using stolen footage and multiple creator profiles could potentially run hours of LIVE streams per day across multiple accounts, resulting in incremental revenue in exchange for very little effort.

資料來源:Tenable, October 2021

The above example shows a fake TikTok LIVE stream that received 788 roses from one viewer, which was the greatest number I’ve personally seen received through one of these scams. A rose costs a viewer one coin to purchase, so based on the valuation table above, 788 roses would be valued at $7.88 on the platform. However, these gifts would be deposited into the scammers accounts as diamonds, valuing them at $4 after TikTok’s commission. The 788 roses aren’t the only gifts these scammers received, as I believe they have likely earned more gifts during continuous LIVE streams, scaling the magnitude at which they’re able to scam monetary gains.

Promoting questionable products

In addition to taking advantage of the built-in LIVE gifting functionality, I’ve observed some scammers using LIVE streams to gain more visibility for their profiles, where they promote questionable products. This is not all that different from the scams I observed being peddled through TikTok advertisements last year, where scammers simply paid to promote the products.

資料來源:Tenable, October 2021

Similarly to my previous research, many of these scammers use a technique called dropshipping, where they source products from websites like AliExpress at low cost and re-sell them at a significant price markup through websites created on Shopify.

資料來源:Tenable, October 2021

As I cautioned in my previous research, the problem with dropshipping is that the customer may end up with no product or an incorrect one.

資料來源:Tenable, October 2021

In some cases, the scammers aren’t using their TikTok profiles to link to their own Shopify website. Instead, they are adding links that redirect users to send a message to WhatsApp Business accounts. While I did not engage with any of the WhatsApp business accounts I encountered, I suspect the scammers would use WhatsApp to direct users to their Shopify-branded page instead of doing so directly on TikTok.

Affiliate links to adult dating websites

Scammers also use TikTok LIVE to promote adult-dating websites through fake profiles. Users that visit the fake profiles are directed to adult dating websites via a unique affiliate identifier in the URL, which is used by the adult dating websites to track where the referral originated from. If a user signs up for an account on the linked website, the scammer earns a small commision for the referral.

資料來源:Tenable, October 2021

In the example above, the scammers repurposed stolen footage for their own TikTok LIVE stream. When I visited the account associated with the scam, I saw no videos associated with it. However, the username contains the word “animals” and has 119,000 likes, which suggests that at one time there had been videos associated with the account and the scammers have since removed them.

資料來源:Tenable, October 2021

In some instances, I found the scammers weren’t using stolen live video footage. Instead, they would feature a static image within the LIVE that says “18+” in it in order to pique the curiosity of their viewers so that they might visit their profile.

資料來源:Tenable, October 2021

This is a continuation of the adult dating scams I first observed on TikTok in 2019 except that it leverages the TikTok LIVE functionality to get onto the For You page instead.

The branding varies in these scams. I’ve seen scammers use branding like “TikTok For Sex” in landing pages as well as links to a mobile application called “PrivMe.” The landing pages are intermediary pages that mask the scammers tactics for traffic acquisition from the adult dating websites. In some instances, scammers are using branding associated with the popular service OnlyFans on the intermediary landing pages, as seen in the third panel on the image above. Even though the websites aren’t affiliated with OnlyFans, the scammers are merely playing off of a familiar brand to entice the user into completing a short survey..Once a user completes the survey, they are directed to the actual adult dating website called OnlyFlings, a play on the OnlyFans name as seen in the image above. The adult dating websites aren’t shy about using familiar branding, as I’ve written about websites like SnapCheat and Sinder being used in Instagram porn bot scams.

資料來源:Tenable, October 2021

For adult dating websites, scammers can earn anywhere between $3-4 USD for referring a lead to the adult dating website depending on the required user action. In some cases, if an affiliate offer includes Single Opt-In (SOI), scammers only need to convince users to provide basic information like their name and email address. Even a fake email address still counts as a lead and the scammer profits.

Addressing LIVE scams by improving reporting functionality

For TikTok and its users, the quickest solution for these scams is to leverage the built-in reporting functionality under the “Share” icon.

資料來源:Tenable, October 2021

In the case of obvious impersonations involving celebrities or noteworthy TikTok creators, users can select the “Pretending to be someone else” option. However, for other questionable TikTok LIVE content, there is no clear option for reporting scams. Users are only given a catch-all option called “Other.”

資料來源:Tenable, October 2021

This reporting functionality asks users to manually supply a description of the issue rather than providing predefined options. TikTok should provide granular reporting options here to make it easier to report these types of scams.

資料來源:Tenable, October 2021

The continuing maturation of scams on a growing platform

As someone that has been researching scams on social media for over a decade, I’ve seen what’s happening on TikTok before on Snapchat, Instagram, Twitter, and Facebook. As outlined in my first report on TikTok scams, a platform experiencing exponential growth brings not only users, but scammers as well. While these platforms work to handle the increasing number of users on its platform, they must also wrangle with scammers that find a niche for their scams that exploit users in order to enrich themselves.

In the two years since my original report, scammers have found unique and creative ways to get in front of TikTok users by taking advantage of the advertising platform and now with TikTok LIVE streams. The one billion monthly active user mark is a milestone for TikTok, but it serves as a reminder that scammers will continue to target users on its platform for the foreseeable future if Tik Tok does not provide better reporting options for its users and devotes more resources towards combating scams on its platform. It is akin to the proverbial cat and mouse game, where TikTok is the cat, but instead of a single mouse, there is a steady stream of mice.


加入 Tenable Community 的 Tenable 安全回應團隊



輸入您的電子郵件地址,以便收到最新 cyber exposure 警示。

選擇 Tenable.io

免費試用 30 天

享受現代、雲端型的弱點管理平台,能夠以無與倫比的準確性查看和追蹤所有資產。 立即註冊。

立即購買 Tenable.io

享受現代、雲端型的弱點管理平台,使您能夠以無與倫比的準確性查看和追蹤所有資產。 立即訂閱一年。

65 項資產



免費試用 Nessus Professional

免費試用 7 天

Nessus® 是現今市場上功能最全面的弱點掃描工具。Nessus Professional 能協助自動化弱點掃描程序、節省您達到合規性的時間並讓您的 IT 團隊合作。

購買 Nessus Professional

Nessus® 是現今市場上功能最全面的弱點掃描工具。Nessus Professional 能協助自動化弱點掃描程序、節省您達到合規性的時間並讓您的 IT 團隊合作。

購買多年期授權,節省更多。新增 365 天全年無休 24 小時全天候可使用電話、社群及對談的進階支援。完整詳情請見此處。

試用 Tenable.io Web Application Scanning

免費試用 30 天

享受我們專為現代應用程式而設計,屬於 Tenable.io 平台一部分的最新 Web 應用程式掃描產品的所有功能。不需耗費大量人力或中斷重要 Web 應用程式,即可高度準確且安全地掃描您整個線上產品系列中是否含有任何弱點。 立即註冊。

購買 Tenable.io Web Application Scanning

享受現代、雲端型的弱點管理平台,使您能夠以無與倫比的準確性查看和追蹤所有資產。 立即訂閱一年。

5 個 FQDN



試用 Tenable.io Container Security

免費試用 30 天

享受整合至弱點管理平台中的唯一容器安全產品的完整功能。監控容器映像中是否有弱點、惡意軟體及政策違規的情形。與持續整合和持續部署 (CI/CD) 系統整合,以支援 DevOps 作法、加強安全性並支援企業政策合規性。

購買 Tenable.io Container Security

Tenable.io Container Security 整合了建置程序,能提供包含弱點、惡意軟體和政策違規等容器影像安全性的能見度,讓您無縫並安全地啟用 DevOps 流程。

取得 Tenable.sc 產品示範

請填寫以下表格並附上您的聯絡資訊,我們的業務代表將盡快與您聯絡,以安排產品示範。您也可以附上簡短註解 (字元上限為 255 個)。請注意,標示星號 (*) 的欄位是必填欄位。

試用 Tenable Lumin

免費試用 30 天

透過 Tenable Lumin,能夠以視覺方式呈現 Cyber Exposure 並加以探索,長期追蹤風險降低狀況,以及對照同業進行指標分析。

購買 Tenable Lumin

聯絡業務代表,瞭解 Lumin 如何協助您獲得整個企業的深入洞見,並管理網路風險。

申請 Tenable.ot 產品示範



持續偵測與回應 Active Directory 攻擊。 無需代理程式、無需特殊權限。提供内部部署和雲端兩種選擇。