Emerging Cybersecurity Threat: A New Phishing Campaign Targets TikTok Business Accounts
A recent report from Push Security reveals that cybercriminals are using adversary-in-the-middle (AitM) phishing techniques to compromise TikTok for Business accounts. The campaign shows how sophisticated and narrowly targeted such attacks have become, particularly against business accounts on popular social media platforms.
Business Accounts: A High-Stakes Target
TikTok for Business accounts are becoming a focal point for malicious actors because of how they can be abused. The report indicates that these accounts can be weaponized for malvertising, where advertisements are used to distribute malware, and for fraudulent activities that can severely harm both individuals and businesses.
Push Security pointed out the historical misuse of TikTok, where the platform has been exploited to disseminate malicious links and social engineering lures. Cybercriminals have previously employed a range of infostealers, including Vidar, StealC, and Aura Stealer. These scams often use ClickFix-style instructions paired with AI-generated videos disguised as activation guides for popular software such as Windows, Spotify, and CapCut, which makes them considerably more convincing.
The Modus Operandi of the Current Campaign
The phishing campaign begins by tricking victims into clicking a malicious link that redirects them to a fraudulent page. This page is designed to closely resemble either TikTok for Business or Google Careers, which adds to its credibility. As part of the scheme, victims are offered the opportunity to schedule a call, an attempt to lure them into a false sense of security and engagement.
A previous version of this phishing campaign, flagged by Sublime Security in October 2025, used emails masquerading as outreach messages to target unsuspecting individuals. This pattern illustrates a continued evolution in phishing strategies, where attackers adopt social engineering tactics to increase their chances of success.
Regardless of which page a victim is directed to, the next step is the same: a Cloudflare Turnstile check that blocks bots and automated scanning tools. With scanners filtered out, the cybercriminals can serve a malicious AitM phishing page crafted specifically to capture login credentials from unsuspecting users.
Domains Associated with the Phishing Pages
The report identified several domains hosting these malicious phishing pages, pointing to a coordinated effort by the attackers.
These domains reflect a concerted approach to mimic legitimate career-related sites, further exemplifying the lengths to which adversaries will go to capture sensitive information.
Parallel Phishing Campaigns and Malware Distribution
Concurrently, another phishing campaign has gained attention for using Scalable Vector Graphics (SVG) file attachments to deliver malware to targeted victims, notably in Venezuela. According to a report by WatchGuard, these phishing messages contain SVG files disguised as invoices, receipts, or budget documents, clearly tailored to mislead unsuspecting users.
When these malicious SVG files are opened, they initiate communication with a URL that prompts the download of harmful artifacts, pointing to an alarming trend where mundane file types transform into vectors for significant cybersecurity threats.
WatchGuard emphasized that even seemingly innocuous file formats like SVG can be repurposed for malicious purposes. This campaign illustrates how an array of tactics is employed to create a phishing chain leading to the delivery of malware associated with the BianLian ransomware group.
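The article does not say how the SVG files reach out to a URL, so this added example (not from WatchGuard or the original article) assumes the common active-content constructs: script elements, event-handler attributes and remote links. It shows how a mail gateway could triage an SVG attachment. The function name `scan_svg`, the finding labels and both sample files are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
REMOTE = re.compile(r"^\s*(https?:)?//", re.I)      # absolute or scheme-relative URL
SCRIPT_URI = re.compile(r"^\s*javascript:", re.I)


def local(name: str) -> str:
    """Strip the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1]


def scan_svg(data: bytes) -> list[str]:
    """Return findings that mark an SVG as active content rather than a plain image."""
    # Refuse DTDs instead of parsing them: entity declarations allow expansion
    # attacks against the scanner itself. Older benign SVGs also trip this.
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        return ["dtd-or-entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["malformed-xml"]
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"active-element:{tag}")
        for name, value in el.attrib.items():
            attr = local(name)
            if attr.lower().startswith("on"):          # onload, onclick, ...
                findings.append(f"event-handler:{attr}")
            elif attr in ("href", "src") and SCRIPT_URI.match(value):
                findings.append(f"script-uri:{tag}")
            elif attr in ("href", "src") and REMOTE.match(value):
                findings.append(f"remote-reference:{tag}")
    return findings


# Constructed samples: a plain image and an "invoice" carrying active content.
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="9" height="9"/></svg>'
SUSPECT = (b'<svg xmlns="http://www.w3.org/2000/svg" '
           b'xmlns:xlink="http://www.w3.org/1999/xlink" onload="void 0">'
           b'<script>/* placeholder */</script>'
           b'<a xlink:href="https://example.invalid/doc"><text>Factura</text></a></svg>')

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, scan_svg(sample) or "no active content")
```

A non-empty result is a reason to quarantine or rasterize the attachment before delivery, not proof of malice.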
Conclusion: The Call for Vigilance
The expert analyses underscore the evolving nature of phishing attacks and the dangers posed to business and individual accounts alike. These events serve as a crucial reminder for users to remain vigilant, verify links before clicking, and adopt comprehensive security measures in a digital landscape fraught with risks. As cyber threats continue to proliferate in complexity and frequency, it is essential for individuals and organizations to stay informed and prepared against these cunning attacks. Implementing rigorous cybersecurity protocols could mean the difference between safety and becoming a victim in this evolving cyber landscape.

