Fri Oct 04 06:00:00 UTC 2024: ## TikTok Targeted in New Phishing Campaign Targeting Microsoft Accounts

**San Francisco, CA** – A new phishing campaign targeting millions of iPhone and Android users on the popular social media platform TikTok has been discovered. Cybersecurity firms Cofense and Zimperium have issued warnings, alerting users that malicious links shared on TikTok are being used to redirect users to fake websites designed to steal Microsoft account credentials.

This attack leverages the trust users have in the platform, using seemingly legitimate Microsoft login pages with the company’s logo to create a sense of urgency. The phishing emails claim that all user messages will be deleted unless immediate action is taken, a common tactic used to scare users into providing their credentials.

The malicious websites even include a company phone number, creating a convincing facade. However, upon closer inspection, the site’s design and source are not as polished as a legitimate Microsoft alert should be.

“The use of TikTok in this case stands out,” Cofense says, highlighting the growing trend of threat actors exploiting social media platforms to deceive users.

This attack underscores the need for vigilance, particularly on mobile devices where it’s harder to identify phishing attempts due to limited screen space. Experts urge users to be cautious of links shared on TikTok, especially those claiming to be from trusted sources like Microsoft.

Both Zimperium and Cofense advise users to double-check the legitimacy of any link before clicking and to be wary of any messages claiming urgent action is required.

Read More