What's Happening?
A new wave of Adversary-in-the-Middle (AiTM) phishing attacks has been identified, targeting TikTok for Business accounts. Cybersecurity firm Push Security reported that these phishing pages, registered on March 24, use TikTok- or Google-themed content
to deceive users. The pages are hosted on Cloudflare and registered through Nicenic International Group, known for bulk phishing domain registration. The campaign employs a naming convention of welcome.careers*[.]com and is expected to expand. The phishing pages redirect users through a legitimate Google Cloud Storage site before presenting the malicious content, using a Cloudflare Turnstile check to evade security bots.
Why It's Important?
This phishing campaign represents a significant threat to businesses using TikTok for marketing and outreach. By exploiting trusted brands like TikTok and Google, cybercriminals increase the likelihood of successful attacks. The use of sophisticated techniques, such as redirecting through legitimate sites and employing security checks, highlights the evolving nature of phishing threats. Businesses must remain vigilant and enhance their cybersecurity measures to protect against such attacks, which can lead to data breaches and financial losses.
