SiliconAngle reports that TikTok URLs have been leveraged by threat actors to compromise Microsoft 365 credentials as part of a new phishing campaign.
Attacks commence with the distribution of malicious emails purporting to be an Office 365 alert luring recipients to cancel a request for inbox email deletion through a button that contains the TikTok URL, according to a Cofense Phishing Defense Center analysis. Clicking the link would trigger several redirects before landing on a Microsoft login page-resembling phishing site that seeks credentials and includes a link that also redirects to the phishing page, noted the report. "This campaign highlights the increasing sophistication of threat actors who exploit social media platforms to deceive recipients. By exploiting TikTok's popularity to potentially bypass suspicion and by impersonating a company's IT department with false urgent messages, attackers exploit both user trust and fear of data loss," said researchers Brandon Cook and Brooke McLain.