
Beware: TikTok for Business Phishing Scam Alert


TikTok Business Accounts Targeted in Sophisticated Phishing Campaign

A recently discovered phishing campaign is specifically targeting TikTok for Business accounts. The attack chain is built to evade security tooling: the credential-harvesting page is gated behind a preliminary verification step, which makes it harder for automated scanners and security bots to reach and classify the malicious content.

These threat actors are focusing on TikTok Business accounts due to their potential for misuse in various malicious activities such as malvertising campaigns, ad fraud, and the distribution of harmful content.

Push Security, a browser threat detection and response company, has linked this campaign to a similar one from the previous year that targeted Google Ad Manager accounts.

Previous incidents have shown that TikTok has been exploited to spread malware through malicious videos and cryptocurrency scams via fake promotions. Business accounts on TikTok are particularly attractive for these activities due to their wider reach and perceived credibility.

According to a report by Push Security shared with BleepingComputer, victims are lured to phishing pages served through Cloudflare, on domains registered on March 24 through NiceNIC, a registrar with a known association with cybercriminal activity.

The campaign’s initial delivery mechanism remains unclear, but experts believe that the threat actor is using a method similar to what was observed in previous activities reported by Sublime Security.

The phishing pages, whose content is hosted in the same Google Storage bucket, impersonate TikTok for Business and Google Careers "Schedule a Call" pages. Visitors are first prompted to enter basic information, ostensibly to verify their business email address. The domains observed so far are:

  • welcome.careerscrews[.]com
  • welcome.careerstaffer[.]com
  • welcome.careersworkflow[.]com
  • welcome.careerstransform[.]com
  • welcome.careersupskill[.]com
  • welcome.careerssuccess[.]com
  • welcome.careersstaffgrid[.]com
  • welcome.careersprogress[.]com
  • welcome.careersgrower[.]com
  • welcome.careersengage[.]com

After providing the initial information, victims are presented with a fake login page that captures both their credentials and the resulting session cookies and forwards them to the attacker. Because a captured session cookie represents an already-authenticated session, replaying it lets the threat actor hijack the account even when two-factor authentication (2FA) is enabled: the victim completes the 2FA challenge themselves, and the attacker simply reuses the session that results.
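To make the 2FA-bypass mechanic concrete, here is an added example (not Push Security's or TikTok's code, and not part of the original article). It models a relaying phishing page in front of a service that uses password plus TOTP and issues a bearer session cookie, and shows that replaying the stolen cookie authenticates the attacker with no 2FA interaction. It then shows why the same relay fails against origin-bound, WebAuthn-style authentication, where the browser mixes the origin it is actually on into what gets signed. The origins, user, password and secrets are all constructed for the demo; the HMAC stand-in for an authenticator key is a simplification of WebAuthn, not its real signature scheme.

```python
"""Added example (not Push Security's or TikTok's code): why a relaying phishing page
defeats password + TOTP, and why origin-bound (WebAuthn-style) authentication does not.
All hosts, secrets and users are constructed for the demo."""
import hashlib
import hmac
import secrets
import struct
from typing import Optional

# Constructed shared secret for the victim's TOTP authenticator.
TOTP_SECRET = b"constructed-demo-secret"


def totp(secret: bytes, now: int, step: int = 30) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 6 digits) for the given Unix time."""
    counter = struct.pack(">Q", now // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 1_000_000:06d}"


class RealService:
    """Stand-in for the legitimate site: password + TOTP, then a bearer session cookie."""
    ORIGIN = "https://ads.tiktok.com"  # assumed legitimate origin for the demo

    def __init__(self) -> None:
        self.users = {"victim": {"password": "hunter2", "totp": TOTP_SECRET}}
        self.sessions: dict = {}

    def login(self, user: str, password: str, code: str, now: int) -> Optional[str]:
        u = self.users.get(user)
        if u is None or password != u["password"] or code != totp(u["totp"], now):
            return None
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = user
        return cookie

    def whoami(self, cookie: str) -> Optional[str]:
        # A bearer cookie is accepted from anyone who holds it; nothing re-checks 2FA here.
        return self.sessions.get(cookie)


class AitMProxy:
    """The phishing page: relays the victim's login to the real site in real time and
    keeps a copy of everything, including the session cookie that comes back."""
    ORIGIN = "https://welcome.careerscrews.com"  # one of the domains listed in the article

    def __init__(self, upstream: RealService) -> None:
        self.upstream = upstream
        self.loot: list = []

    def login(self, user: str, password: str, code: str, now: int) -> Optional[str]:
        cookie = self.upstream.login(user, password, code, now)
        self.loot.append({"user": user, "password": password, "code": code, "cookie": cookie})
        return cookie  # the victim is logged in and sees nothing unusual


def demo_totp_bypass(now: int = 1_700_000_000) -> Optional[str]:
    """Victim logs in through the proxy; attacker replays the stolen cookie. Returns who
    the real service thinks the attacker is ("victim"), without any 2FA interaction."""
    svc = RealService()
    proxy = AitMProxy(svc)
    proxy.login("victim", "hunter2", totp(TOTP_SECRET, now), now)
    stolen_cookie = proxy.loot[-1]["cookie"]
    return svc.whoami(stolen_cookie)


class OriginBoundAuth:
    """Simplified WebAuthn: the browser (not the page) mixes the origin it is actually on
    into what the authenticator signs, and the relying party checks for its own origin."""

    def __init__(self, rp_origin: str) -> None:
        self.rp_origin = rp_origin
        # HMAC key as a stand-in for the authenticator's private key / RP's public key pair.
        self.keys = {"victim": secrets.token_bytes(32)}

    def client_sign(self, user: str, challenge: bytes, browser_origin: str) -> bytes:
        return hmac.new(self.keys[user], challenge + browser_origin.encode(), hashlib.sha256).digest()

    def verify(self, user: str, challenge: bytes, assertion: bytes) -> bool:
        expected = hmac.new(self.keys[user], challenge + self.rp_origin.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, assertion)


def demo_origin_binding() -> tuple:
    """Same relaying proxy, origin-bound auth: direct login succeeds, relayed login fails."""
    rp = OriginBoundAuth(RealService.ORIGIN)
    challenge = secrets.token_bytes(16)
    direct = rp.verify("victim", challenge, rp.client_sign("victim", challenge, RealService.ORIGIN))
    # The proxy forwards the real challenge unchanged, but the victim's browser is on the phishing origin.
    relayed = rp.verify("victim", challenge, rp.client_sign("victim", challenge, AitMProxy.ORIGIN))
    return direct, relayed


if __name__ == "__main__":
    print("attacker replaying stolen cookie is:", demo_totp_bypass())
    print("(direct ok, relayed ok) with origin binding:", demo_origin_binding())
```

The point of the first half is that the TOTP code is never "bypassed" in the cryptographic sense; the victim submits a valid one, and the proxy simply pockets the session that the real service hands back. The second half is why phishing-resistant MFA is the recommended fix: the relay can forward challenges and responses all day, but it cannot change the origin the victim's browser reports, so the assertion never verifies at the real site.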

Push Security highlights that many business account holders log into TikTok using Google's single sign-on (SSO) service. That raises the stakes considerably: a single successful phish can yield access to both the TikTok for Business account and the underlying Google account, and both can then be abused for malicious activity.

Users are advised to treat unexpected invitations or job offers with caution and to avoid clicking links from unknown sources. Verify the domain shown in the browser's address bar before entering any credentials, and use strong, unique passwords to safeguard valuable accounts.
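"Verify the domain" is easy to get wrong in automation: a substring check for `tiktok.com` would accept a URL such as `https://ads.tiktok.com.welcome.careerscrews.com/` or one with a spoofed userinfo prefix. The following added example (not from the article or Push Security) shows the check done on the host the browser would actually connect to, and reuses the same hostname extraction to sweep a few constructed proxy log lines for the domains listed above. The allow-list of trusted domains, the generalised `welcome.careers*.com` pattern, the log format and the log contents are assumptions made for this demo.

```python
"""Added example (not from the article or Push Security): decide whether a login URL
really belongs to a trusted domain, and sweep proxy logs for the campaign's hostname
pattern. The allow-list, IOC pattern and log lines are constructed for the demo."""
import re
from typing import List, Tuple
from urllib.parse import urlsplit

# Assumed allow-list: registrable domains where these credentials may legitimately be entered.
TRUSTED_DOMAINS = ("tiktok.com", "google.com")

# Domains from the article's list, refanged; all follow one naming pattern.
CAMPAIGN_IOCS = {
    "welcome.careerscrews.com", "welcome.careerstaffer.com", "welcome.careersworkflow.com",
    "welcome.careerstransform.com", "welcome.careersupskill.com", "welcome.careerssuccess.com",
    "welcome.careersstaffgrid.com", "welcome.careersprogress.com", "welcome.careersgrower.com",
    "welcome.careersengage.com",
}
# Generalisation of that list, to catch sibling domains not yet on it (an assumption; review hits).
CAMPAIGN_PATTERN = re.compile(r"^welcome\.careers[a-z]+\.com$")


def hostname_of(url: str) -> str:
    """The host the browser would actually connect to, lower-cased, no trailing dot.
    urlsplit() discards any 'user@' prefix, so 'https://ads.tiktok.com@evil.example/'
    yields 'evil.example', not 'ads.tiktok.com'."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def is_trusted_login_url(url: str) -> bool:
    """True only for https URLs whose host *is* a trusted domain or a subdomain of it.
    A substring check ('tiktok.com' in url) is exactly the bug this function avoids."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    host = hostname_of(url)
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def sweep(log_lines: str) -> List[Tuple[str, str, str]]:
    """Flag (client, host, reason) for requests to known or pattern-matching campaign hosts.
    Assumed line format: '<timestamp> <client> <method> <url> <status>'."""
    hits = []
    for line in log_lines.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line; skip it rather than abort the whole sweep
        client, url = fields[1], fields[3]
        host = hostname_of(url)
        if host in CAMPAIGN_IOCS:
            hits.append((client, host, "ioc-exact"))
        elif CAMPAIGN_PATTERN.match(host):
            hits.append((client, host, "ioc-pattern"))
    return hits


# Constructed proxy log. Only the first two requests go to a host on the article's list;
# the fourth is a made-up sibling that only the pattern catches.
SAMPLE_LOG = """\
2025-03-25T10:01:02Z 10.0.0.5 GET https://welcome.careerscrews.com/ 200
2025-03-25T10:01:09Z 10.0.0.5 POST https://welcome.careerscrews.com/verify 302
2025-03-25T10:03:41Z 10.0.0.9 GET https://ads.tiktok.com/i18n/login 200
2025-03-25T10:05:13Z 10.0.0.7 GET https://welcome.careersexample.com/ 200
2025-03-25T10:06:00Z 10.0.0.7 POST https://accounts.google.com/signin/v2 200
"""

if __name__ == "__main__":
    for u in ("https://ads.tiktok.com/i18n/login",
              "https://ads.tiktok.com.welcome.careerscrews.com/login",
              "https://ads.tiktok.com@welcome.careerscrews.com/login",
              "http://ads.tiktok.com/login"):
        print(f"{is_trusted_login_url(u)!s:5} {u}")
    for hit in sweep(SAMPLE_LOG):
        print(*hit)
```

The exact-IOC match is the low-noise signal; the pattern match is a hunting heuristic that will need review, because nothing stops an unrelated site from using the same naming scheme.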

[Figure: Collecting basic information in a first validation step. Source: Push Security]


[Figure: The TikTok themed (top) and Google (bottom) phishing pages. Source: Push Security]

It is crucial for individuals and businesses to stay vigilant against such threats. Verifying links before following them, and preferring phishing-resistant authentication (FIDO2 security keys or passkeys) over one-time codes that a relaying phishing page can pass straight through, goes a long way toward keeping accounts out of an attacker's hands.
