Cybersecurity researchers have uncovered a new phishing campaign targeting TikTok for Business accounts, using advanced techniques to evade detection and bypass security systems.

According to a report by Push Security, attackers are creating fake login pages that closely mimic TikTok for Business and Google services. These pages are designed to steal user credentials and session cookies, allowing hackers to take over accounts even if two-factor authentication is enabled.

The campaign uses a sophisticated method to avoid detection. Victims are first redirected through a legitimate Google Storage link, then forced to pass a Cloudflare Turnstile verification that blocks security bots. Only after this step are users sent to malicious phishing pages hosted on lookalike domains.

These domains, registered recently, include variations like careerscrews, careerstaffer, and careersworkflow, all designed to appear legitimate. The phishing pages initially ask users to enter basic information under the guise of verifying a business email address. After that, victims are directed to a fake login page that acts as a reverse proxy, capturing login details in real time.
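As a defender, the redirect chain described above (a hop through a Google Storage link, a Cloudflare Turnstile challenge, then a credential POST to a lookalike domain) is a pattern that can be hunted for in web-proxy logs. The following is an added example, not code from Push Security or the original report; the allowlisted login hosts, the log format and the sample log lines are constructed assumptions, and the lookalike host uses the reserved `.example` TLD.

```python
"""Flag the Google Storage -> Turnstile -> lookalike-login chain in proxy logs."""
from collections import defaultdict
from datetime import datetime, timedelta

# Hosts where a TikTok for Business or Google sign-in legitimately happens.
# Assumed allowlist for this example; extend it from your own inventory.
LEGIT_LOGIN_HOSTS = {"ads.tiktok.com", "business.tiktok.com", "accounts.google.com"}

# Constructed sample log lines in the form: "timestamp user method host path".
SAMPLE_LOGS = """\
2024-06-01T09:00:00 alice GET storage.googleapis.com /bucket/offer.html
2024-06-01T09:00:03 alice GET challenges.cloudflare.com /turnstile/v0/api.js
2024-06-01T09:00:40 alice POST careerscrews.example /verify-email
2024-06-01T09:01:05 alice POST careerscrews.example /login
2024-06-01T09:30:00 bob GET storage.googleapis.com /static/logo.png
2024-06-01T09:31:00 bob POST accounts.google.com /signin/v2
"""

def parse_log(text):
    """Parse the constructed log format into (timestamp, user, method, host, path)."""
    events = []
    for line in text.strip().splitlines():
        ts, user, method, host, path = line.split()
        events.append((datetime.fromisoformat(ts), user, method, host, path))
    return events

def find_aitm_chains(events, window=timedelta(minutes=10)):
    """Return (user, host) pairs where a login-style POST to a host that is not
    on the allowlist follows both a Google Storage hop and a Turnstile challenge
    by the same user within `window`."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev[1]].append(ev)
    hits = []
    for user, evs in by_user.items():
        evs.sort()  # tuples sort by timestamp first
        for i, (ts, _, method, host, path) in enumerate(evs):
            if method != "POST" or host in LEGIT_LOGIN_HOSTS:
                continue
            if not any(p in path.lower() for p in ("login", "signin", "auth")):
                continue
            earlier = [e for e in evs[:i] if ts - e[0] <= window]
            saw_storage = any(e[3] == "storage.googleapis.com" for e in earlier)
            saw_turnstile = any(e[3] == "challenges.cloudflare.com" for e in earlier)
            if saw_storage and saw_turnstile:
                hits.append((user, host))
    return hits

if __name__ == "__main__":
    print(find_aitm_chains(parse_log(SAMPLE_LOGS)))  # [('alice', 'careerscrews.example')]
```

Bob's legitimate sign-in is not flagged because the POST goes to an allowlisted host, even though he also fetched an object from Google Storage shortly before.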

One major concern is the use of Google single sign-on. Many TikTok business users log in using their Google accounts, meaning a successful attack could compromise both platforms at once, increasing the potential damage.

TikTok Business accounts are especially attractive targets because they can be used for large-scale ad fraud, spreading malware, or running scams with higher credibility and reach.

Security experts warn users to stay cautious when receiving unexpected job offers or meeting invites. It is important to verify website domains before entering login details and avoid clicking on suspicious links. Using passkeys and strong authentication methods can also help protect accounts from such attacks.
