
TikTok for Business Accounts Targeted in New Phishing Campaign
Why It Matters
Compromised TikTok Business accounts enable large‑scale ad fraud and credential theft, threatening advertisers’ budgets and brand safety across the digital ecosystem.
Key Takeaways
- Phishing lures TikTok for Business users with fake “Schedule a Call” pages.
- A Cloudflare Turnstile challenge blocks bots, so automated scanners never reach the phishing content.
- The attack captures credentials and session cookies, bypassing 2FA.
- A Google SSO link compromises both the TikTok and the Google account.
- The NiceNIC-registered domains are all hosted on one shared Google Storage bucket.
Pulse Analysis
The rise of ad‑tech platforms has made business‑focused social accounts lucrative targets for cybercriminals. TikTok for Business, with its expansive reach and perceived legitimacy, offers a high‑value conduit for malvertising and fraudulent ad spend. Attackers exploit this by crafting convincing “Schedule a Call” pages that appear to be official TikTok or Google Careers portals, leveraging the platform’s reputation to extract sensitive information from marketers and agencies seeking to expand their ad footprint.
Technically, the campaign sidesteps traditional security scanners by routing victims through a legitimate Google Storage URL and then a Cloudflare Turnstile challenge that blocks bots. The phishing domains, all registered via the NiceNIC registrar, share a common naming pattern and reside on a single Google Storage bucket, simplifying the attacker’s infrastructure. Once the initial form is completed, users are redirected to a reverse‑proxy login page that harvests credentials and session cookies, effectively bypassing two‑factor authentication. The use of Google single sign‑on further amplifies the impact, allowing a single compromised credential set to grant access to both TikTok and Google accounts used for ad management.
For businesses, the takeaway is clear: verify every link, especially those promising calls or job offers, and scrutinize domain names before entering credentials. Deploying passkeys or hardware‑based authentication can mitigate the risk of session‑cookie theft, while continuous monitoring for anomalous login activity helps detect breaches early. As advertisers increasingly allocate budgets to TikTok’s business suite, robust security hygiene becomes essential to protect both financial investments and brand integrity in an evolving threat landscape.
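One way to act on the monitoring advice above, as an added example that is not part of the original article: a small Python detector run over constructed login and request events (the log format, event names and field layout are assumptions) that flags a session cookie being used from a different source IP shortly after the MFA step that issued it, which is the footprint a reverse-proxy phishing page leaves when it replays a captured cookie.

```python
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). Fields: timestamp, event,
# session id, source IP, then the user agent as free text.
SAMPLE_LOG = """\
2024-05-01T09:00:00Z LOGIN sess-a1 203.0.113.10 Chrome/124 Windows
2024-05-01T09:00:05Z MFA_OK sess-a1 203.0.113.10 Chrome/124 Windows
2024-05-01T09:01:30Z REQUEST sess-a1 198.51.100.7 python-requests/2.31
2024-05-01T09:02:00Z REQUEST sess-a1 198.51.100.7 python-requests/2.31
2024-05-01T10:00:00Z LOGIN sess-b2 192.0.2.44 Safari/17 macOS
2024-05-01T10:00:04Z MFA_OK sess-b2 192.0.2.44 Safari/17 macOS
2024-05-01T10:30:00Z REQUEST sess-b2 192.0.2.44 Safari/17 macOS
"""


def parse_line(line):
    """Split one assumed-format log line into typed fields."""
    ts, event, session, ip, ua = line.split(" ", 4)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), event, session, ip, ua


def find_replayed_sessions(log_text, window=timedelta(minutes=15)):
    """Return {session_id: finding} for sessions whose cookie is presented
    from a different source IP within `window` of the MFA step that created it.
    An IP change alone can be benign (mobile networks), so a changed user agent
    is recorded as the stronger signal: a proxy replaying a stolen cookie rarely
    matches the victim's browser."""
    origin = {}    # session -> (mfa_time, login_ip, login_ua)
    findings = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, event, session, ip, ua = parse_line(line)
        if event == "MFA_OK":
            origin[session] = (ts, ip, ua)
        elif event == "REQUEST" and session in origin and session not in findings:
            mfa_time, login_ip, login_ua = origin[session]
            if ip != login_ip and ts - mfa_time <= window:
                findings[session] = {
                    "login_ip": login_ip,
                    "replay_ip": ip,
                    "seconds_after_mfa": int((ts - mfa_time).total_seconds()),
                    "ua_changed": ua != login_ua,
                }
    return findings


if __name__ == "__main__":
    for session, finding in find_replayed_sessions(SAMPLE_LOG).items():
        print(session, finding)
```

In the sample, sess-a1 is flagged because its cookie is used from a second IP with a different user agent 85 seconds after MFA, while sess-b2 stays on the client that authenticated.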