Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

TikTok for Business phishing campaign using Turnstile and reverse proxy

Campaign
First reported
Last updated
Happening score
H score 34
2 unique sources, 2 articles

Summary

Hide ▲

A phishing campaign is targeting TikTok for Business accounts and uses Cloudflare Turnstile to block automated analysis before exposing a reverse-proxy credential-stealing page. The operation can let attackers hijack accounts even when 2FA is enabled, increasing risk of ad fraud, malvertising, and malicious-content distribution. Victims are funneled through Google Storage redirects to lookalike pages registered on March 24. The activity matters because business-account abuse can translate into broader advertising and platform abuse.

Related Happenings

Kali365 Microsoft 365 device-code phishing campaign

Campaign
First: 25.05.2026 15:45 Last: 25.05.2026 15:45 Sources 1

About this happening: A **Kali365** phishing campaign is targeting **Microsoft 365** environments worldwide with **device-code login lures**, putting accounts at risk of **token theft** and **MFA bypas...

Open Happening

TrickMo C TikTok-lure campaign targeting banking and wallet users in France, Italy, and Austria

Campaign
First: 11.05.2026 18:15 Last: 11.05.2026 18:15 Sources 1

About this happening: The **TrickMo** operators ran an active **TikTok-themed** campaign between **January and February 2026**, targeting **banking and wallet users** in **France, Italy and Austria**....

Open Happening

Google sponsored search ManageWP phishing campaign

Campaign
First: 07.05.2026 00:36 Last: 07.05.2026 00:36 Sources 1

About this happening: A **phishing campaign** is abusing **Google sponsored search results** to impersonate **ManageWP** and steal login credentials, **2FA codes**, and account access. The operation ma...

Open Happening

Amazon SES phishing and BEC abuse campaign

Campaign
First: 04.05.2026 23:03 Last: 04.05.2026 23:03 Sources 1

About this happening: A phishing campaign is abusing Amazon Simple Email Service (SES) to send convincing emails that can bypass standard authentication and reputation-based defenses. Attackers are usi...

Open Happening

AccountDumpling Google AppSheet Facebook phishing campaign

Campaign
First: 01.05.2026 21:09 Last: 01.05.2026 21:09 Sources 1

About this happening: A **Vietnamese-linked** operation dubbed **AccountDumpling** is using **Google AppSheet** as a phishing relay to steal **Facebook** credentials, enabling account takeover at scale...

Open Happening

Timeline

  1. 26.03.2026 16:09 2 articles · 2mo ago

    TikTok for Business phishing pages are registered

    Campaign Scope Update

    Cloudflare-hosted phishing pages targeting TikTok for Business accounts are registered on March 24 via NiceNIC, and the setup uses lookalike domains hosted in the same Google Storage bucket.

    Show sources
    Open in new tab
  2. 26.03.2026 16:09 1 articles · 2mo ago

    Public disclosure of the TikTok for Business phishing campaign

    Initial Disclosure

    Threat actors target TikTok for Business accounts through Cloudflare-hosted phishing pages that use a Cloudflare Turnstile check to block automated analysis and a reverse-proxy login page to steal credentials and session cookies, allowing account hijacking even when 2FA is enabled and possible abuse through Google single sign-on (SSO).

    Show sources
    Open in new tab