CyberInsider

Reliable cybersecurity news and resources

General

Latest News

About

CyberInsider covers the latest news in the cybersecurity and data privacy world. In addition to news, we also publish in-depth guides and resources.
See our Mission >

FraudOnTok Campaign Targets TikTok Shop Users With Lookalike Sites and Malware

By Leave a Comment
LinkedInReddit

A large-scale phishing campaign dubbed “FraudOnTok” is targeting TikTok Shop users through more than 15,000 fake domains designed to mimic the platform’s branding and interface.

The operation, reported by cybersecurity researchers monitoring digital risk activity, uses a vast and fast-expanding infrastructure of lookalike domains and fraudulent social media profiles to trick users into clicking malicious links. These links redirect to phishing pages designed to steal personal and financial information under the guise of TikTok Shop promotions, giveaways, or discounts.

Many of the spoofed domains closely resemble legitimate TikTok Shop URLs — such as “tikshop-gifts” or “tiktok-bonus” — making them easy to mistake for the real thing. Once a victim enters their data, they’re often redirected to the legitimate TikTok Shop website to avoid raising suspicion, while the stolen credentials and payment details are silently exfiltrated to Telegram bots controlled by the attackers.

Tiktok phishing templates

Beyond phishing, security analysts warn that some of these sites also deliver SparkKitty, a malware strain capable of stealing browser-stored credentials, clipboard contents, and cryptocurrency wallet data. In these cases, victims not only lose account access but may also unknowingly compromise sensitive data stored on their devices.

The campaign’s infrastructure is both sophisticated and professionally maintained. Many domains are hosted using fast-flux techniques or rotated through compromised servers to make takedown efforts more difficult. Over 6,000 of the fake domains were registered in just the last few weeks, indicating an aggressive expansion phase.

While the FraudOnTok campaign appears to primarily target TikTok Shop users, the tactics used — especially the distribution of SparkKitty — could easily be repurposed for broader attacks. The operation highlights the increasing overlap between phishing, malware delivery, and social engineering through fake branded content.

TikTok Shop users are strongly advised to remain cautious of links promising rewards or special offers, verify domain names closely, and avoid entering login or payment information outside the official TikTok app or website.

UPDATE: The phishing campaign was initially dubbed “ClickTok,“ but has since been rebranded as “FraudOnTok.“

If you liked this article, be sure to follow us on X/Twitter and also LinkedIn for more exclusive content.

LinkedInReddit

More from CyberInsider

About Amar Ćemanović

Amar Ćemanović is an experienced editor and trained engineer with a keen eye for detail and a passion for technology. 
Based in Bosnia, Amar specializes in producing high-quality, engaging content. He holds a Master’s degree in engineering, which helps him maintain a meticulous approach to all editorial work. Amar brings a well-rounded knowledge base, covering everything from tech solutions to privacy tools.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Share to...
BlueskyBufferCopyFlipboardHacker NewsLineLinkedInMastodonMessengerMixNextdoorPinterestPocketPrintRedditSMSTelegramThreadsTumblrVKWhatsAppXingYummly