{"id":228238,"date":"2026-03-27T11:23:00","date_gmt":"2026-03-27T15:23:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/27\/new-aitm-phishing-wave-hijacks-tiktok-business-accounts\/"},"modified":"2026-03-27T13:55:14","modified_gmt":"2026-03-27T17:55:14","slug":"new-aitm-phishing-wave-hijacks-tiktok-business-accounts","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/27\/new-aitm-phishing-wave-hijacks-tiktok-business-accounts\/","title":{"rendered":"New AITM phishing wave hijacks TikTok Business accounts"},"content":{"rendered":"

New AITM phishing wave hijacks TikTok Business accounts<\/a><\/p>\n

https:\/\/securityaffairs.com\/190058\/security\/new-aitm-phishing-wave-hijacks-tiktok-business-accounts.html?amp<\/a><\/p>\n

Publish Date: 2026-03-27 11:23:00<\/a><\/p>\n

Source Domain: securityaffairs.com<\/a><\/p>\n

New AITM phishing wave hijacks TikTok Business accounts<\/h2>\n<\/p>\n

\t\t\t\t\t\t\t Pierluigi Paganini<\/span>
\n\t\t\t\t\t\t\t\"\"\/ March 27, 2026<\/span><\/p>\n

\t\t\t\t\t\t\"\"\/<\/p>\n

A new AITM phishing campaign targets TikTok Business accounts to hijack them for malvertising, continuing tactics seen in earlier Google-themed scams.<\/h2>\n

Push Security researchers uncovered a new wave of AITM phishing pages targeting TikTok for Business accounts, aiming to hijack them for malvertising. The campaign includes TikTok and Google-themed fake pages, showing links to previous operations. Once compromised, accounts are used to run malicious ads, steal credentials, spread malware, and conduct ad fraud, diverting company advertising budgets for profit.<\/p>\n

Attackers used newly registered domains created within seconds and hosted behind Cloudflare. The pages follow a common naming pattern and redirect victims from legitimate services before loading fake TikTok for Business or Google \u201cSchedule a call\u201d pages. <\/p>\n

\"\"<\/p>\n

Users are asked to fill in basic details, then shown a malicious login page powered by an AITM phishing kit. The campaign uses bot protection to evade detection and likely spreads via targeted emails, similar to past operations. <\/p>\n

\u201cWhen the link is first clicked, the page is silently redirected from a legitimate Google Storage site before loading the page.\u201d reads the report published by Push Security. \u201cA Cloudflare Turnstile check is used to prevent security bots from analyzing the page, before loading either a TikTok or Google themed page. Progressing through the forms ultimately serves up an AITM phishing page.\u201d<\/p>\n

\"\"<\/p>\n

By combining trusted branding, redirects, and layered deception, attackers increase success rates and harvest credentials for further abuse, including account takeover and fraud.<\/p>\n

While phishing campaigns usually mimic platforms like Google or Microsoft, targeting TikTok is becoming more common. <\/p>\n

The platform has long been used to spread malicious links and…<\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

New AITM phishing wave hijacks TikTok Business accounts https:\/\/securityaffairs.com\/190058\/security\/new-aitm-phishing-wave-hijacks-tiktok-business-accounts.html?amp Publish Date: 2026-03-27 11:23:00 Source Domain:…<\/p>\n","protected":false},"author":1,"featured_media":228239,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2026\/03\/image-86.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[32,25],"class_list":["post-228238","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-malware","tag-phishing"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/228238"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=228238"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/228238\/revisions"}],"predecessor-version":[{"id":228240,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/228238\/revisions\/228240"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/228239"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=228238"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=228238"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=228238"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}