
Attackers are using evasive phishing infrastructure to hijack TikTok for Business accounts and, in some cases, linked Google logins.
Security researchers are tracking a phishing campaign aimed at TikTok for Business accounts, a niche target valued because compromised advertiser accounts can be used for malvertising, ad fraud, and the spread of malicious content at scale. Push Security says the activity resembles a campaign it documented in late 2025 that went after Google ad-related accounts, suggesting threat actors are refining a proven playbook rather than inventing a new one from scratch.
Much like aged Instagram accounts, business-facing TikTok accounts carry more reach and credibility than ordinary profiles. A stolen account can become an instant launchpad for scam ads, fraudulent promotions or malicious redirects.
According to campaign reporting, the attack chain uses a legitimate Google Storage URL as part of the redirect flow before presenting a Cloudflare Turnstile check designed to frustrate automated analysis. The phishing domains were reportedly registered on March 24, 2026, and the pages impersonate TikTok for Business and Google Careers scheduling flows to avoid suspicion.
In recent phishing scenarios, attackers increasingly hide behind trusted cloud infrastructure and anti-bot mechanisms to keep scanners, sandboxes and researchers from detecting the payload immediately.
The greatest danger is the use of an adversary-in-the-middle, or AiTM, phishing setup. Because the fake page acts as a live proxy between victim and legitimate service, it can capture credentials and session cookies in real time, allowing account takeover even when traditional two-factor authentication (2FA) is enabled.
Security researchers also warned that users who sign in to TikTok with Google SSO (single sign-on) could effectively hand over access to both ecosystems in one hit. The safest advice remains to distrust unsolicited invites, inspect domains carefully and move high-value accounts to phishing-resistant authentication where possible.
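An added example, not from the original article or from Push Security's reporting: because an AiTM proxy captures the session cookie itself, one defender-side signal is a session that is established from one client and then reused from a different IP address and user agent shortly afterwards. The log format, field names and 10-minute window are assumptions, and the events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample session events (not taken from the campaign reporting).
# Fields: timestamp, session id, client IP, user agent, event type.
SAMPLE_EVENTS = [
    ("2026-03-25T09:00:05", "sess-a1", "198.51.100.7", "Chrome on Windows", "login_mfa_ok"),
    ("2026-03-25T09:00:40", "sess-a1", "203.0.113.50", "Chrome on Linux", "api_call"),
    ("2026-03-25T09:02:00", "sess-b2", "192.0.2.10", "Safari on macOS", "login_mfa_ok"),
    ("2026-03-25T09:30:00", "sess-b2", "192.0.2.10", "Safari on macOS", "api_call"),
    # Same browser, new IP hours later: ordinary roaming, should not be flagged.
    ("2026-03-25T10:00:00", "sess-c3", "192.0.2.77", "Firefox on Windows", "login_mfa_ok"),
    ("2026-03-25T18:00:00", "sess-c3", "192.0.2.99", "Firefox on Windows", "api_call"),
]


def find_replayed_sessions(events, window=timedelta(minutes=10)):
    """Return {session_id: (origin_ip, reuse_ip)} for sessions whose cookie
    shows up from a new IP *and* a new user agent soon after login.

    Heuristic only: MFA succeeded at login, so the later mismatch is the
    only hint that the cookie left the client that earned it.
    """
    origin = {}   # session id -> (time, ip, user agent) of the first event
    flagged = {}
    for ts, sid, ip, ua, _kind in sorted(events):  # ISO timestamps sort correctly
        when = datetime.fromisoformat(ts)
        if sid not in origin:
            origin[sid] = (when, ip, ua)
            continue
        t0, ip0, ua0 = origin[sid]
        if ip != ip0 and ua != ua0 and when - t0 <= window:
            flagged.setdefault(sid, (ip0, ip))  # keep the first reuse seen
    return flagged


if __name__ == "__main__":
    for sid, (src, dst) in find_replayed_sessions(SAMPLE_EVENTS).items():
        print(f"{sid}: established from {src}, reused from {dst}")
```

A hit is a lead for review rather than proof of compromise, since VPN switches and device handoffs can produce the same pattern.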
Users worried about fake TikTok for Business invites can add a simple verification step before clicking or logging in. Bitdefender Scamio can help assess suspicious messages, links, screenshots or email text, making it easier to spot a phishing attempt before credentials are exposed.
For broader protection, Bitdefender Ultimate Security adds an extra layer of security by helping block malicious links and detect suspicious activity on the device. In phishing campaigns designed to steal access to business accounts, that extra protection can make the difference between safety and a complete account takeover.
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.