TikTok Phishing: Credential-Stealing Scams Threaten In-App Users' Security

TikTok phishing raises concerns about the growing risk of personal devices accessing enterprise systems, following earlier attacks on other platforms

A surge in phishing attempts via social media platforms, the latest of them using TikTok, is raising concerns about the growing risk posed by personal devices that access enterprise systems; previous attacks targeted YouTube and Facebook, according to cybersecurity company Cofense.

According to Cofense, there has been a spike in phishing attempts that use popular social media platforms, including TikTok, to spread malicious links. Although phishing attacks in the past have targeted platforms such as YouTube and Facebook, the use of TikTok introduces a new and concerning trend.

Just last week, Zimperium pointed out that the increasing proliferation of mobile devices – especially personal devices accessing enterprise systems – has resulted in a massive expansion in data breaches, with over half of the organizations measured experiencing incidents related to employees' poor judgment when accessing sensitive information.

These TikTok security concerns now add to the growing list of vulnerabilities associated with the ByteDance-owned social media company.

The latest findings from Cofense detail a new development in which malicious actors use the mobile-only TikTok platform to host profile links that forward users to any website the profile owner chooses.

This tactic exploits the trust many users place in the platform, making them susceptible to a credential-stealing attack. Phishing attacks have remained a concern for the Federal Bureau of Investigation (FBI) since 2020, and since then 83% of phishing sites have targeted only mobile, a trend that makes it hard for users to detect threats on smaller screens, where the telltale signs may be hidden or not obvious at all.

The phishing campaign highlighted by Cofense specifically targets Microsoft accounts. In this case, users were sent phishing emails claiming their Office 365 messages would be deleted unless immediate action was taken; the fake alerts in such emails spread fear among the targeted users. Phishing generally relies on this tactic of stimulating fear among targets, and these emails were designed to look like legitimate communications from a user's IT department, which can leave victims confused.

While a phishing site may show a few giveaways, spotting them requires an informed user. The demographic exposed to TikTok phishing is also younger than on other social media platforms, which makes the application a prime target for such scams. Users are easily tricked by a fake login page fashioned with Microsoft's branding, complete with a company phone number.
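The combination described above (a Microsoft-themed urgency message whose link points at a social-media profile rather than a Microsoft sign-in host) can be flagged at the mail gateway. The following is an added detection example, not code from the article or from Cofense; the trusted-host allow-list, the platform list and the three sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Social platforms whose profile pages can forward visitors to an arbitrary site.
SOCIAL_PLATFORMS = ("tiktok.com", "youtube.com", "facebook.com")
# Hosts a genuine Office 365 notice may link to (assumption: an org-specific allow-list).
TRUSTED_HOSTS = {"login.microsoftonline.com", "outlook.office.com", "portal.office.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")
BRAND_RE = re.compile(r"\b(?:office\s?365|microsoft|outlook)\b", re.I)
URGENCY_RE = re.compile(
    r"\b(?:will be deleted|immediate action|within \d+ hours?|account (?:will be )?suspended)\b", re.I)

def on_platform(host, platform):
    """True when host is the platform domain itself or one of its subdomains."""
    return host == platform or host.endswith("." + platform)

def assess_email(body):
    """Return (verdict, reasons) for one email body.

    Verdict is 'phish' when a Microsoft/Office 365 themed message links to a
    social-media profile or to any other host not on the allow-list, 'ok' otherwise.
    Urgency language alone is reported as a reason but does not make a message a phish,
    and a social-media link in a message that claims no Microsoft branding is left alone.
    """
    reasons = []
    branded = bool(BRAND_RE.search(body))
    if URGENCY_RE.search(body):
        reasons.append("urgency language")
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if not branded or host in TRUSTED_HOSTS:
            continue
        platform = next((p for p in SOCIAL_PLATFORMS if on_platform(host, p)), None)
        if platform:
            reasons.append(f"Microsoft-themed message links to {platform} profile: {host}")
        else:
            reasons.append(f"Microsoft-themed message links off allow-list: {host}")
    verdict = "phish" if any(r.startswith("Microsoft-themed") for r in reasons) else "ok"
    return verdict, reasons

# Constructed sample messages (not taken from the article or from Cofense).
SAMPLES = {
    "lure": "Your Office 365 messages will be deleted unless immediate action is taken. "
            "Verify now: https://www.tiktok.com/@it-helpdesk-support",
    "legit": "New sign-in to your Microsoft account. Review at https://login.microsoftonline.com/",
    "social": "Our company TikTok is live: https://www.tiktok.com/@company-official",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, assess_email(body))
```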

Final Thoughts 

Zimperium experts said that personal apps downloaded from public app stores may carry malware or exploit platform vulnerabilities and thereby affect enterprise applications and in-app data. Cofense said that threat actors continue to evolve and become more sophisticated, with TikTok phishing becoming the dominant concern as social media turns into a trap for deceiving users.

At the end of the day, as the Chinese company gains more momentum, the chances of phishing incidents on the platform increase. The legal battles against social media platforms over the past four years, with TikTok taking the lead in the past year, have shaken the very foundation of social media's security and protection against phishing attacks, and they warrant caution before clicking on any TikTok link.
