New Phishing Campaign Targets TikTok for Business Accounts

Push Security identified a new adversary-in-the-middle (AiTM) phishing campaign targeting TikTok for Business accounts by deploying fraudulent Google and TikTok-themed login pages. The attack aims to intercept credentials and session tokens, though no specific victim count or geographic targeting was disclosed. No technical indicators such as CVE IDs, IP addresses, or malware hashes were provided in the report. The campaign leverages deceptive login portals to compromise business accounts, though the exact impact on affected organizations remains unspecified. The discovery was attributed to Push Security’s monitoring efforts without a stated timeline for the campaign’s activity.