I have always been intrigued by cybercrimes involving social engineering, as they depend a lot on deception and manipulation of the human psyche. It has always fascinated me personally. Phishing is probably the most well-known attack that requires social engineering. The emails you’ve been warned against clicking on, and the links you’ve been warned against opening even just to see where they redirect, are a few examples of phishing attacks.
As you are reading this, unfortunately my father has tested positive for the Coronavirus (COVID-19/SARS-CoV-2) and I’ve been quarantined at home due to me being in close contact with a person who tested positive for the virus. In this time, I’ve been occasionally going on TikTok and watching a lot of videos.
One video in particular grabbed my attention. It showed a “retired psycho” explaining how you could access your boyfriend’s/husband’s Snapchat account without the need for obtaining the passcode he put on his phone.
She explains in the video how this technique helped her confirm her suspicion that her ex-boyfriend was cheating on her. Furthermore, she says that all you need is “15–20 seconds” alone with his phone and you’re good.
She has a disclaimer with the following written at the beginning of the TikTok:
“I do not encourage doing this for entertainment purposes, this is simply for those who want proof or evidence of cheating or dishonesty.”
Of course, this is highly illegal (at least in the country I am residing in, the UAE).
This might be the reason she took down the video and removed it from her TikTok profile.
Moving on, here is how the attack occurs.
Disclaimer: Before we go on, please understand that I am publishing this article to help people be more aware of new and evolving social engineering attacks that do not require coding or even technical hacking (as many people presume when it comes to hijacking social media accounts). These techniques shall not be used without authorization. I am not responsible for any misuse of the information mentioned in this article as the article is for informational and educational purposes only.
Now let us go through exactly how the attack works.
First, the suspicious partner will have to get hold of their partner’s phone. She even mentions that practice makes perfect. Amazing.
Anyway, the second thing you’ll have to do is to log out of your Snapchat account on your phone and reset the password for their Snapchat account by tapping on “Forgot your password?”
Third, since Snapchat forced virtually every single user to verify their accounts with their phone numbers, naturally you will reset the password via phone and enter their phone number.
Fourth and final step: the verification code will either be sent via SMS (text message) or read out to you by an automated robot over the phone. Since you have no access to the phone (no passcode), you will instead choose “Call me instead.”
That’s all. You now have the 6-digit verification code and are able to change your partner’s password to access his Snapchat account.
Of course, you cannot do that without being caught (you will leave a trail).
Margaux says the TikTok is simply for “entertainment purposes.”
No, it is not. She wanted her viewers to gain unauthorized access to their partners’ Snapchat accounts. She blatantly asked her viewers and followers to interact with the TikTok by “letting her know the tea.”
In conclusion, please be careful and do not attempt this attack on your partners. Relationships should be built on mutual trust, and always remember: communication is key. This attack is highly illegal and I’m pretty sure most countries criminalize it. If you have doubts about your relationship with your significant other, talk to them. Don’t talk to your friends; sit with your partner and talk. You’re adults. Deal with your shit without resorting to such childish behavior. Confront your problems.