Protecting your Account from Account Takeovers (ATO)

Account Management

What is an Account Takeover?

An Account Takeover happens when a bad actor gains unauthorised access to a TikTok Shop account.
An Account Takeover scam can result in:
  • Loss of access to your TikTok Shop account. This means you will not be able to log in to manage your TikTok Shop, orders, and account balance.
  • Possible monetary loss should a bad actor gain control of your TikTok Shop Account Balance or bank account details. This includes transferring your TikTok Shop account balance to other bank accounts.

How Do Bad Actors Take Over Accounts?

The main tactic bad actors use in Account Takeover scams is to impersonate a trusted individual, such as a TikTok employee, account manager, shipping company employee, or third-party service provider, to contact TikTok Shop sellers. Alternatively, fraudsters may also pose as interested buyers who wish to make large orders from your shop.
These bad actors reach out to you through online messaging platforms such as WhatsApp, Telegram, Messenger or our TikTok Shop Buyer Direct Message feature in order to obtain sensitive information such as your log-in details or credentials.
🚩 Some common tactics bad actors use to retrieve your information are:
  • Asking for your account details so that they can help you with account services, problems, or violations
  • Asking for your account details in exchange for prizes or entry into lucky draws
  • Asking for your banking or credit/debit card details to settle delivery/logistics problems with parcel delivery
  • Asking you to fill in an online form with your account details for account verification purposes
  • Asking you to install/download apps or APK files that are not found in official app stores
  • Asking you to click on links or download attachments sent via chat messages
Once they have gathered the necessary details, bad actors can access and take over your TikTok Shop account.

How can I Prevent Account Takeovers?

You are encouraged to take the following steps to keep your account secure from Account Takeovers:
  • Keep your login information confidential
  • Use secure passwords
  • Activate 2-Step Verification (2SV)
  • Ignore suspicious links and files
  • Beware of Third Parties Offering Shop Services or Prizes
  • Manage your Shop's Administrative and User Permissions

Keep Login Information Confidential

Do not share sensitive account details like usernames, passwords, One-Time-Passwords (OTPs), PINs, or credentials with anyone.
Remember, TikTok Shop will never request such information from users. Even if someone claims to be a TikTok Shop employee, do not disclose your login details or credentials.

Use Secure Passwords

Passwords are the key to your Shop Account. As the first defence against unauthorised access, passwords should be unique and known only to you.
Below are some best practices for creating a strong password:
  1. Do not use sequential numbers or letters in your password. For example, do not use abcd, 3456, qwerty, jhgf, etc.
  2. Do not include or use your birth year or birth month/day in your password. Remember that unauthorized individuals can easily find this information through public social media accounts.
  3. Use a combination of at least eight letters, numbers, and symbols. The longer your password and the more character variety it uses, the harder it is to guess. For example, aR@1nY6#y (a rainy day) uses a unique combination of upper and lowercase letters, numbers, and symbols, while still being easy to remember.
  4. Do not reuse your passwords. Every device, application, website, and software requires a unique and strong password or PIN. Reusing your passwords puts you at a higher risk of related accounts being compromised at the same time.
  5. Never share passwords. This includes with colleagues, friends, and family. Sellers can assign sub-accounts to their employees to control how much access each person has to the main Shop Account.
  6. Beware of phishing emails, texts or calls. If you are unsure of the identity of the person sending you the email, text, or call, do not respond to or provide any personal information. Phishing is a fraudulent practice of inducing individuals to reveal personal information, such as passwords and credit card numbers.
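
A checker for rules 1 to 3 in the list above, as an added example that is not TikTok Shop's own code. The function names, the four-character run length and the set of birth-date spellings it tests are assumptions made for illustration.

```python
import re

# Alphabet, digits and keyboard rows used to spot runs such as "abcd", "3456", "qwerty", "jhgf".
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "01234567890",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
RUN_LENGTH = 4  # assumption: flag runs of four or more, matching the page's shortest examples


def has_sequence(password, run=RUN_LENGTH):
    """True if `run` consecutive characters follow a sequence, forwards or backwards."""
    lowered = password.lower()
    for seq in SEQUENCES:
        for direction in (seq, seq[::-1]):
            for i in range(len(direction) - run + 1):
                if direction[i:i + run] in lowered:
                    return True
    return False


def birth_date_forms(year, month, day):
    """Digit strings that can be derived from a publicly visible birth date (assumed set)."""
    yyyy, yy = f"{year:04d}", f"{year % 100:02d}"
    mm, dd = f"{month:02d}", f"{day:02d}"
    return {yyyy, mm + dd, dd + mm, dd + mm + yy, mm + dd + yy, yy + mm + dd}


def check_password(password, birth=None):
    """Return the rules from the list that `password` breaks (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)
            and re.search(r"[^A-Za-z0-9]", password)):
        problems.append("needs letters, numbers and symbols")
    if has_sequence(password):
        problems.append("contains a sequential run")
    if birth:
        # Drop separators first so "14/03" is caught as well as "1403".
        digits = re.sub(r"\D", "", password)
        if any(form in digits for form in birth_date_forms(*birth)):
            problems.append("contains birth year or birth date")
    return problems
```

Rules 4 to 6 (reuse, sharing, phishing) concern how a password is handled rather than what it contains, so a content check like this cannot cover them.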

Activate 2-Step Verification (2SV)

TikTok Shop offers the ability to secure your account with two-step verification (2SV), so additional verification is required each time you log in.
To enable two-step verification:
  1. Log in to your TikTok Shop Seller Center
  2. Go to My Account > Seller Profile > Account Information > Account Security
  3. Choose your preferred verification method under the 'Two-step verification' section.
Note: Authenticator apps generate a random numeric code. When 2SV with the authenticator app is enabled, this code is required as a second login step, in addition to your username and password. This means that even bad actors with your username and password will not be able to log into your account without the authenticator code. Please ensure that your authentication app is installed on a secured device that only you can access.

Ignore Suspicious Links and Files

Do not click on suspicious links or download suspicious files. Suspicious links could direct you to phishing sites that attempt to obtain your login details, while suspicious files may install malicious software on your device.
  1. Never provide your TikTok Shop account information, such as username, password, OTP, or PIN, on online forms or websites.
  2. Do not download any files or attachments sent by unknown sources, external parties, or unverified senders.
If you have any questions, reach out to our Customer Service for clarification and to verify the sender's authenticity.

Beware of Third Parties Offering Shop Services or Prizes

Be cautious of third parties who promise account services or prizes in exchange for your TikTok Shop Account details.
Remember, your login details and credentials should never be shared and should only be known to the owner of the TikTok Shop account.

Manage your Shop's Administrative and User Permissions

Managing administrative access to your account is important because an account with administrative access has full control over your various permissions on TikTok Shop.
You can manage your shop's user permissions and assign roles to related accounts (i.e. sub-accounts). The main account with administrative access will have permission on all seller settings, while sub-accounts can be limited to lesser permissions.
To add new users or a sub-account to your shop, you can go to My Account > User Management > Add User. Sellers can also assign specific roles to the newly added user, such as:
  • Main Administrator: Main administrators can edit and view any module, such as products, orders, finance and marketing, but cannot manage sub-accounts or sensitive store information.
  • Affiliate Manager: Affiliate managers can view and create different affiliate plans, contact creators, and view affiliate performance data.
  • Finance Specialist: Finance specialists have access to the financial module, and can view bill details and export bills.
  • Advertising Manager: Advertising managers can access the advertising options in the Seller Center and the TikTok for Business advertising platform. They can also create advertising plans and view advertising data.
  • Marketing Specialist: Marketing specialists can view and edit all pages in the marketing module and can also create, change and end promotional campaigns.
  • Customer Service Agents: Customer service specialists can view and use the TikTok Shop messenger service, reply to consumers' inquiries, and provide after-sales services.
  • Order Fulfilment Specialist: Order specialists have access to the order management page, and can arrange deliveries, check logistics, and handle returns and refunds.
  • Product Management Specialist: Product specialists have access to the product management page, and can activate, manage and delist products.
Note: It is important that you carefully choose who gets admin access to your TikTok Shop:
  • Only invite members of your own company.
  • Require every member to have an individual user account, and do not share your password with others.

What Should I Do If My Account is Compromised?

If you are unable to sign in to your TikTok Shop account and no longer have access to the registered email or mobile phone number, please contact our Customer Service for assistance.
As a precaution, your account will first be frozen to prevent further compromised access. You will then be asked to upload documents to verify account ownership. Upon verification of your documents and further investigation, you will be notified about the next steps to regain access to your account.