Hacker News | sat_nam's comments

Thanks for sharing this. I was looking for it on the mercurial repo at sudo.ws, but the commit didn't match. I found it here: https://www.sudo.ws/repos/sudo/rev/f666191a4e80


Some more details can be found in the Malwarebytes blog about this: https://blog.malwarebytes.com/malwarebytes-news/2021/01/malw...


Zero days may get the headlines, but attackers are finding a lot of value in leveraging old vulnerabilities. CISA, FBI and NSA have issued several advisories over the last month highlighting an overarching theme of advanced persistent threat groups targeting unpatched vulnerabilities lately.


I observed something similar that began earlier this year. I wrote about it on the Tenable blog. They impersonate many of the people following Trump and engaging with his tweets, irrespective of party affiliation.

https://www.tenable.com/blog/cryptocurrency-scams-fake-givea...


Wow, amazing. I had no idea it was so prevalent. Thanks for writing this up!


It's true that all of the platforms you listed have dealt with scams over the years. It's part of the maturation process of any social network. In the case of TikTok, it officially just celebrated its 2nd year as a platform, and I just began to observe a slew of ads on the platform pushing scams unabated. Scammers follow the trends and where the users are, so an extremely popular app like TikTok became a platform ripe for the picking.


In the advisory, Mozilla states it was being used as part of targeted attacks. Qihoo 360 ATA is credited with discovering the vulnerability and the in-the-wild exploitation of the flaw. Catalin Cimpanu says Qihoo 360 deleted a tweet connecting this bug to an undisclosed Internet Explorer zero-day [1], so it remains to be seen if there is another bug out there that remains unpatched. Mozilla also patched a pair of vulnerabilities that were used in targeted attacks last year [2].

[1] https://twitter.com/campuscodi/status/1215020566656299011

[2] https://www.tenable.com/blog/cve-2019-11707-cve-2019-11708-m...


"We’re always updating our rules based on how online behaviors change. Today we're expanding our policies to prohibit financial scams."

https://twitter.com/TwitterSafety/status/1176190505757106177


Zhuowei Zhang (@zhuowei) published a proof of concept that crashes Chrome 70: https://worthdoingbadly.com/sqlitebug/


This is a great effort. I wrote about this at the end of January (https://research.satnam.co/2018/01/30/scammers-impersonating...) and was working on a script last month that did the same thing, but I was searching the Streaming API for specific keywords that I knew were triggers for their tweets. I set up a Twitter account to also identify and report these scammers' accounts. The problem I was having was I did not account for the variety of currencies that were being utilized, so I had to write new regexes for the different address types. By then, they had switched up tactics and I hadn't followed up on it since.


They won't accept only taking a portion of the ivory and leaving the rest for the elephant. The demand and the value for ivory incentivize an "all or nothing" approach. That's why you see cases where elephants have been poisoned but their tusks remain intact. It's because the poachers didn't have enough time to get whole tusks. The people actually poaching the elephants aren't the ones who make the big bucks, so they're likely taught by the traffickers how to obtain the tusks in order to maximize THEIR value.

