Content provided by The Small Business Cyber Security Guy. All podcast content, including episodes, graphics and podcast descriptions, is uploaded and provided directly by The Small Business Cyber Security Guy or its podcast platform partner. If you believe someone is using your copyrighted work without your permission, follow the process described here: https://hu.player.fm/legal.

TikTok Shop's AI-Powered Million-Pound Crypto Heist

10:19
 

Episode Summary

UK businesses face a sophisticated new threat as criminals deploy artificial intelligence to industrialize fraud through TikTok Shop. Host Lucy Harper exposes the "FraudOnTok" campaign that's already stolen over £900,000 through 15,000 fake websites, weaponized AI-generated content, and advanced malware specifically designed to hunt cryptocurrency wallets on personal devices that connect to business systems.

What You'll Learn

  • How the "FraudOnTok" campaign uses AI to create convincing fake influencer videos at industrial scale
  • Why SparkKitty malware specifically targets screenshots to steal cryptocurrency wallet recovery phrases
  • How OAuth token theft bypasses traditional password security and multi-factor authentication
  • The business risk when employees' personal devices compromise corporate Google accounts
  • 4-step emergency protection plan for businesses and individuals using social media platforms
  • Weekend-specific threat patterns targeting casual social media users

Critical Statistics Mentioned

  • £900,000+ already stolen through FraudOnTok campaign
  • 15,000+ fake TikTok Shop domains registered by criminals
  • 10,000+ unique fake websites identified by researchers
  • 5,000+ malicious applications distributing SparkKitty malware
  • .top, .shop, .icu domains most commonly used for fake sites
  • Meta ads used to distribute fake content to legitimate audiences
  • OAuth tokens provide persistent access even after password changes

Key Sources & References


Episode Sponsor

Equate Group Limited - Comprehensive cybersecurity services specialising in protecting businesses against sophisticated social engineering attacks that target personal devices connecting to business systems.

Additional Threats Mentioned

  • CyberHeist Banking Phish: Parallel campaigns targeting UK banking customers through fake Google advertisements
  • Deepfake Identity Verification: AI-generated identity documents sophisticated enough to pass automated verification systems
  • Weekend Crypto Surge: Cryptocurrency scams spike during weekends when security monitoring is reduced

Source Verification Standards

All sources cited in this episode have been fact-checked and verified through multiple authoritative cybersecurity research channels. CTM360's FraudOnTok research serves as the primary technical source for campaign details. Financial impact figures are cross-referenced through multiple security vendors. UK-specific threat i
