Fake TikTok Account Verification Phishing
Scammers send TikTok creators and businesses messages claiming they qualify for official verification and instruct them to 'complete the process' on a phishing page that steals their TikTok login credentials.
Part of: Verification Badge Phishing Scams
Last reviewed: 7 June 2026
TikTok's rapid growth has made it a major platform for creators, brands, and public figures — and the desire for the blue verification badge that authenticates those accounts is significant. Fraudsters capitalise on this aspiration by reaching out to creators who appear to be building an audience.
The approach combines flattery and authority: 'Congratulations, your account has been selected for official TikTok verification. Complete the process before the offer expires.' Because TikTok does have a verification programme, and because many creators genuinely aspire to it, the message resonates.
The phishing page that victims are directed to looks convincingly like TikTok's login interface. After entering credentials, victims may be shown a fake 'verification pending' screen while attackers use the stolen login in the background.
How this scam works on the TikTok brand
TikTok's official verification process is applied by TikTok itself based on account notability criteria — users do not apply for it through a form or receive proactive outreach by direct message. TikTok communicates account status changes through in-app notifications and through emails from @tiktok.com domains.
Fake verification invitations arrive via TikTok direct message from accounts claiming to be 'TikTok Official', 'TikTok Creator Support', or 'TikTok Verification Team'. These accounts typically have few followers, generic avatars, and no badge. The message links to a site at something like tiktok-creator-verify[.]com that asks for a username and password.
Some more sophisticated variants send an email styled as a TikTok creator programme invitation, complete with TikTok's branding. The 'Accept Invitation' button leads to the same kind of fake sign-in page.
Common red flags
- A DM from an account claiming to be TikTok offers verification — TikTok does not proactively DM creators about verification
- The message creates a deadline: 'complete verification within 48 hours or the offer expires'
- The account sending the message has no badge, few followers, or was created recently
- The link leads to a domain that is not tiktok.com
- The verification process requires you to enter your TikTok password on an external site
- The email address of the sender is not from a @tiktok.com domain
How to protect yourself
- TikTok verification is granted by TikTok — never applied for through a link in a DM or email
- Access your TikTok account settings only via the official TikTok app or tiktok.com
- Enable two-factor authentication in TikTok: tap Profile > Menu > Settings and privacy > Security > 2-step verification
- Use a unique strong password for your TikTok account
- Report suspicious DMs using the three-dot menu on the message and selecting 'Report'
- Check TikTok's official creator support resources at support.tiktok.com
How to report it
- Report the fraudulent account within the TikTok app using the 'Report' option on the profile
- Contact TikTok Support through the in-app feedback form about phishing attempts
- Report the phishing website to Google Safe Browsing at safebrowsing.google.com/safebrowsing/report_phish
- File a report with the FTC at reportfraud.ftc.gov (US) or Action Fraud actionfraud.police.uk (UK)
Frequently asked questions
How does TikTok's real verification process work?
TikTok awards verification badges to accounts that are authentic, notable, and active, based on their own internal review. There is no public application form and no invitation process — TikTok contacts verified creators via the in-app notification system, not through unsolicited DMs.
Can someone take over my TikTok with just my username and password?
Yes, unless you have two-factor authentication enabled. With your login credentials, an attacker can sign in, change the recovery email and phone number, and lock you out. Enabling two-step verification adds a code requirement that makes this much harder.
I entered my credentials on a fake TikTok site. What should I do?
Open the TikTok app immediately and change your password in Settings. Review recent login activity for unrecognised devices and revoke access for any you do not recognise. Enable two-factor authentication if it is not already on.