Phishing Campaign Targets TikTok for Business Accounts, Bypassing 2FA via Google SSO
What Happened — Threat actors launched a phishing operation that lures TikTok for Business users to Cloudflare‑protected pages masquerading as TikTok and Google Careers “Schedule a Call” forms. The pages capture credentials and session cookies, allowing account takeover even when two‑factor authentication is enabled via Google SSO.
Why It Matters for TPRM —
- Compromised business accounts can be weaponized for ad fraud, malvertising, and credential harvesting across multiple platforms.
- The technique evades automated bot detection, increasing the likelihood of successful credential capture.
- Shared Google SSO means a single breach can cascade to other SaaS services used by the same organization.
Who Is Affected — Social media advertising platforms, digital marketing agencies, and any enterprise using TikTok for Business or Google SSO for authentication.
Recommended Actions —
- Review all TikTok for Business vendor contracts and confirm phishing‑resilience controls.
- Enforce passkey or hardware‑based MFA and monitor for anomalous login activity.
- Educate users on verifying URLs and avoiding unsolicited “schedule a call” links.
Technical Notes — Attack vector: phishing with Cloudflare Turnstile bot checks, malicious pages hosted on Google Storage buckets, credential harvesting via reverse‑proxy login pages. No CVE referenced. Data types: login credentials, session tokens. Source: https://www.bleepingcomputer.com/news/security/tiktok-for-business-accounts-targeted-in-new-phishing-campaign/
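Why the passkey recommendation above holds up against the reverse-proxy login pages described in the technical notes: a WebAuthn assertion carries the origin the browser actually visited, so the relying party's check rejects an assertion relayed through a lookalike page even after the victim completes every prompt, which is what a one-time 2FA code cannot do. The following is an added Python example, not code from the article or from TikTok or Google; the relying-party origin, the server challenge and the phishing hostname are constructed for illustration.

```python
import base64
import hmac
import json
from typing import Tuple

# Expected relying-party origin; constructed for this example.
RP_ORIGIN = "https://business.example"


def _b64url_decode(data: str) -> bytes:
    """Decode unpadded base64url, the encoding WebAuthn uses for clientDataJSON."""
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def verify_client_data(client_data_b64: str, expected_challenge: bytes,
                       expected_origin: str = RP_ORIGIN) -> Tuple[bool, str]:
    """Relying-party checks on clientDataJSON: ceremony type, challenge, origin.

    The browser fills in `origin` from the page the user is really on, so an
    assertion collected by a reverse proxy names the proxy's host and fails here.
    """
    try:
        client_data = json.loads(_b64url_decode(client_data_b64))
    except ValueError:  # covers binascii.Error and json.JSONDecodeError
        return False, "malformed clientDataJSON"
    if client_data.get("type") != "webauthn.get":
        return False, "unexpected ceremony type"
    try:
        presented = _b64url_decode(client_data.get("challenge", ""))
    except ValueError:
        return False, "malformed challenge"
    if not hmac.compare_digest(presented, expected_challenge):
        return False, "challenge mismatch (replay or wrong session)"
    if client_data.get("origin") != expected_origin:
        return False, f"origin mismatch: {client_data.get('origin')!r}"
    return True, "ok"


def _encode_client_data(origin: str, challenge: bytes) -> str:
    """Build clientDataJSON the way a browser would; constructed test helper."""
    payload = {"type": "webauthn.get", "origin": origin,
               "challenge": base64.urlsafe_b64encode(challenge).rstrip(b"=").decode()}
    return base64.urlsafe_b64encode(json.dumps(payload).encode()).rstrip(b"=").decode()


CHALLENGE = b"constructed-server-challenge"  # stands in for os.urandom(32)
LEGIT = _encode_client_data(RP_ORIGIN, CHALLENGE)
PHISHED = _encode_client_data("https://careers-schedule-call.example", CHALLENGE)

if __name__ == "__main__":
    print(verify_client_data(LEGIT, CHALLENGE))    # (True, 'ok')
    print(verify_client_data(PHISHED, CHALLENGE))  # (False, "origin mismatch: ...")
```

Production relying parties additionally verify the authenticator signature over authenticatorData and the clientDataJSON hash; the origin and challenge checks shown here are the steps that defeat a relayed login.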