TikTok for Business phishing campaign using Turnstile and reverse proxy
Campaign
Summary
Hide ▲
Show ▼
A phishing campaign is targeting TikTok for Business accounts and uses Cloudflare Turnstile to block automated analysis before exposing a reverse-proxy credential-stealing page. The operation can let attackers hijack accounts even when 2FA is enabled, increasing risk of ad fraud, malvertising, and malicious-content distribution. Victims are funneled through Google Storage redirects to lookalike pages registered on March 24. The activity matters because business-account abuse can translate into broader advertising and platform abuse.
Related Happenings
REF6045 ClickFix banking fraud campaign targeting Mexican financial users
Campaign
H score36
First: 08.07.2026 15:52
Last: 08.07.2026 15:52
Sources 1
About this happening:
The **REF6045** campaign is actively targeting **customers of Mexican banks, fintechs, payment processors, and cryptocurrency exchanges**, using **ClickFix** lures to push victims...
REF6045 ClickFix banking fraud campaign targeting Mexican financial users
CampaignAbout this happening: The **REF6045** campaign is actively targeting **customers of Mexican banks, fintechs, payment processors, and cryptocurrency exchanges**, using **ClickFix** lures to push victims...
Hotel and hospitality photo-ZIP phishing campaign
Campaign
H score40
First: 26.06.2026 12:27
Last: 26.06.2026 12:27
Sources 1
About this happening:
An **active phishing campaign** is targeting **hotel and hospitality organizations** across **Europe and Asia**, increasing the risk of **front-desk machine compromise** and durab...
Hotel and hospitality photo-ZIP phishing campaign
CampaignAbout this happening: An **active phishing campaign** is targeting **hotel and hospitality organizations** across **Europe and Asia**, increasing the risk of **front-desk machine compromise** and durab...
Google civil lawsuit against Outsider Enterprise
Regulatory/Legal Action
H score55
First: 14.06.2026 17:36
Last: 14.06.2026 17:36
Sources 1
About this happening:
**Google** filed a **civil lawsuit** against **Outsider Enterprise**, adding legal pressure to a major **phishing infrastructure** operation that sent fraudulent texts at scale. T...
Google civil lawsuit against Outsider Enterprise
Regulatory/Legal ActionAbout this happening: **Google** filed a **civil lawsuit** against **Outsider Enterprise**, adding legal pressure to a major **phishing infrastructure** operation that sent fraudulent texts at scale. T...
Google DoubleClick malspam campaign delivering DesckVB RAT
Campaign
H score33
First: 03.06.2026 19:29
Last: 03.06.2026 19:29
Sources 1
About this happening:
A **new malspam campaign** is abusing **Google's DoubleClick** redirect path to evade detection and deliver **DesckVB RAT**, putting users and organizations at risk of malware inf...
Google DoubleClick malspam campaign delivering DesckVB RAT
CampaignAbout this happening: A **new malspam campaign** is abusing **Google's DoubleClick** redirect path to evade detection and deliver **DesckVB RAT**, putting users and organizations at risk of malware inf...
Google Chrome DBSC rolls out session-cookie theft protection for all users
Security Tool/Service
H score10
First: 29.05.2026 15:08
Last: 29.05.2026 15:08
Sources 1
About this happening:
Google's **Chrome Device Bound Session Credentials (DBSC)** is now **generally available** and rolling out to **all users**, reducing the risk of **account takeovers** from stolen...
Google Chrome DBSC rolls out session-cookie theft protection for all users
Security Tool/ServiceAbout this happening: Google's **Chrome Device Bound Session Credentials (DBSC)** is now **generally available** and rolling out to **all users**, reducing the risk of **account takeovers** from stolen...
Timeline
-
26.03.2026 16:09 2 articles · 3mo ago
TikTok for Business phishing pages are registered
Campaign Scope UpdateCloudflare-hosted phishing pages targeting TikTok for Business accounts are registered on March 24 via NiceNIC, and the setup uses lookalike domains hosted in the same Google Storage bucket.
Show sources
- TikTok for Business accounts targeted in new phishing campaign — www.bleepingcomputer.com — 26.03.2026 16:09
- New Wave of AiTM Phishing Targets TikTok for Business — www.infosecurity-magazine.com — 27.03.2026 18:01
-
26.03.2026 16:09 1 articles · 3mo ago
Public disclosure of the TikTok for Business phishing campaign
Initial DisclosureThreat actors target TikTok for Business accounts through Cloudflare-hosted phishing pages that use a Cloudflare Turnstile check to block automated analysis and a reverse-proxy login page to steal credentials and session cookies, allowing account hijacking even when 2FA is enabled and possible abuse through Google single sign-on (SSO).
Show sources
- TikTok for Business accounts targeted in new phishing campaign — www.bleepingcomputer.com — 26.03.2026 16:09