177/69 Friday, March 27, 2026

Threat actors are actively targeting TikTok for Business accounts in a new phishing campaign designed to evade security bots and bypass detection mechanisms. These accounts are considered high-value targets, as they can be abused for malicious advertising, ad fraud, and the distribution of harmful content. Due to their credibility and wide audience reach, compromised business accounts can significantly amplify the impact of such attacks. According to Push Security, this campaign shares similarities with previous attacks targeting Google Ad Manager accounts observed last year.
The attack begins by redirecting victims through seemingly legitimate URLs hosted on Google Storage, which are used as trusted intermediaries. Victims are then led to phishing pages hosted on Cloudflare, where attackers leverage Cloudflare Turnstile to block automated security scanning tools. The phishing pages impersonate legitimate services such as TikTok for Business “Schedule a Call” pages or Google Careers portals, tricking users into submitting their information under the pretense of verifying business email eligibility.
Victims are subsequently redirected to fake login pages that utilize reverse proxy techniques to intercept credentials and session cookies. This allows attackers to hijack accounts even when two-factor authentication (2FA) is enabled. Additionally, since many business users rely on Google SSO for authentication, both TikTok and Google accounts may be compromised simultaneously. Security experts advise users to remain cautious of unsolicited invitations or job offers, carefully verify domain names before entering credentials, and adopt passkeys to enhance account security.
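As an added defender-side illustration (not code from the original report or from Push Security), the snippet below scores a browser or proxy redirect chain for the two signals the write-up describes: an entry point on Google Storage acting as a trusted intermediary, and a credential prompt served from a host that mentions a brand but is not under that brand's real domain. The legitimate-domain list, the intermediary-host list and the sample chains are assumptions constructed for this example.

```python
from urllib.parse import urlparse

# Assumptions for this example: adapt these lists to your own tenant.
LEGIT_DOMAINS = ("tiktok.com", "google.com")          # brand's real registrable domains
BRAND_TOKENS = ("tiktok", "google")                    # words a lookalike host would reuse
INTERMEDIARY_HOSTS = ("storage.googleapis.com",)       # trusted hosts abused as a first hop
LOGIN_HINTS = ("login", "signin", "sign-in", "oauth", "passwd")

def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()

def under_legit_domain(host: str) -> bool:
    # True only for the brand's own domain or one of its subdomains.
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)

def is_brand_lookalike(host: str) -> bool:
    # Host name drops a brand name but does not sit under that brand's domain.
    return any(t in host for t in BRAND_TOKENS) and not under_legit_domain(host)

def looks_like_login(url: str) -> bool:
    path = urlparse(url).path.lower()
    return any(h in path for h in LOGIN_HINTS)

def assess_chain(chain: list[str]) -> dict:
    """Score one redirect chain, ordered from the link clicked to the page finally loaded."""
    reasons = []
    if chain and host_of(chain[0]) in INTERMEDIARY_HOSTS:
        reasons.append("entry URL on a trusted intermediary host")
    final = chain[-1] if chain else ""
    lookalike_login = bool(final) and looks_like_login(final) and is_brand_lookalike(host_of(final))
    if lookalike_login:
        reasons.append("login page served from a brand lookalike host")
    # A lookalike login page is suspicious on its own; the intermediary hop raises severity.
    return {
        "final_host": host_of(final),
        "reasons": reasons,
        "suspicious": lookalike_login,
        "severity": "high" if len(reasons) == 2 else ("medium" if lookalike_login else "none"),
    }

# Constructed sample chains (placeholders, not indicators from the real campaign).
SAMPLE_CHAINS = {
    "phish": [
        "https://storage.googleapis.com/constructed-bucket/schedule-a-call.html",
        "https://tiktok-business-schedule.example.net/verify",
        "https://tiktok-business-schedule.example.net/login",
    ],
    "legit": ["https://ads.tiktok.com/i18n/login"],
}

if __name__ == "__main__":
    for name, chain in SAMPLE_CHAINS.items():
        print(name, assess_chain(chain))
```

The same check can be run over sign-in referrer or proxy logs; the point is that a real TikTok or Google sign-in never arrives via a Google Storage object or on a domain outside the brand's own.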
