New AiTM Phishing Campaign Targets TikTok for Business Accounts

New AiTM Phishing Campaign Targets TikTok for Business Accounts

First seen 27 Mar 2026, 15:47 UTC BleepingcomputerComputingSecurityaffairs.CoInfosecurity-Magazine 88% similarity 64.5

Article Content

Browse articles
ThreatCluster

A recent phishing campaign has emerged, specifically targeting TikTok for Business accounts. Cybercriminals have registered multiple adversary-in-the-middle (AiTM) phishing pages on March 24, 2026, using a common naming convention linked to welcome.careers*[.]com. These pages are hosted behind Cloudflare and utilize the Nicenic International Group registrar, known for bulk phishing registrations. Victims are lured through a legitimate Google Cloud Storage URL, which redirects them to malicious pages that impersonate TikTok and Google Careers. Users are prompted to fill out a form before being directed to a fake login page designed to capture credentials and session cookies. This campaign exploits the common practice of logging into TikTok using Google single sign-on, potentially compromising both accounts. The scope of the attack is significant, as TikTok for Business accounts are used by companies to manage advertising campaigns, making them attractive targets for malvertising and ad fraud. Push Security has linked this campaign to previous phishing efforts targeting Google Ad Manager accounts. The situation remains active as the number of malicious domains is expected to increase.

Key Points: • A new phishing campaign targets TikTok for Business accounts using AiTM techniques. • Malicious pages impersonate TikTok and Google Careers, capturing user credentials. • The campaign exploits Google SSO, risking both TikTok and Google accounts for victims.

ThreatCluster AI

Timeline

2026-03-24
Multiple AiTM phishing pages registered targeting TikTok for Business
2026-03-26
Push Security reports on the phishing campaign
2026-03-27
Infosecurity Magazine publishes details on the phishing threat

Community

Browse all →