Phishing Scams on TikTok
How fraudsters use TikTok's video format, creator impersonation, and DM links to deliver phishing attacks and recruit victims into investment fraud.
Part of: Phishing
Last reviewed: 1 June 2026
TikTok's rapid video format and algorithm-driven content discovery create a unique phishing environment. Scammers create videos impersonating well-known creators or financial influencers, use viral challenge formats as vehicles for credential harvesting, and DM users with links to lookalike login pages.
Younger users who grew up on TikTok may be more familiar with its interface but can be caught off guard by scams that look like native content — such as a video saying 'follow this link in my bio for a free gift card' that leads to a phishing form.
How this scam works on TikTok
A common TikTok phishing pattern is a video claiming to be from a popular creator announcing a giveaway, with instructions to visit a link in their bio. The link leads to a page asking for your TikTok login or personal details to 'verify eligibility.' Another variant is a duet or stitch impersonating a creator's style to appear authentic.
Investment scam content increasingly uses TikTok's format: short videos showing phone screens with growing crypto balances, account-making sounds, and calls to action to visit a platform link. The TikTok algorithm's preference for high-engagement content can amplify these videos before they are removed. Direct messages from TikTok accounts offering investment coaching or business partnerships are another vector.
Common red flags
- TikTok bio link that leads to a login page unrelated to the creator's stated purpose
- Giveaway video asking you to enter personal details or social login credentials to participate
- DM from a TikTok account offering investment coaching with a platform link
- Video using a popular creator's face and style but from a different account
- Investment video with no verifiable creator identity, only a link to a trading platform
How to protect yourself
- Enable TikTok's two-factor authentication in Settings > Security > Two-step verification
- Never enter TikTok or other credentials on pages reached from a TikTok bio link without verifying the URL
- Report suspicious accounts and videos using TikTok's in-app report function
- Do not follow trading platform links from TikTok videos — verify platforms independently
- Review which apps have access to your TikTok account in Settings > Apps and websites
How to report it
- Report the video or account inside TikTok using the three-dot menu > Report
- Report investment fraud to your national financial regulator
- File a cybercrime report with screenshots if personal or financial data was compromised
Frequently asked questions
How do phishing scams work through TikTok's video format specifically?
Scammers post videos impersonating creators or brands (sometimes using stolen or AI-manipulated footage) that direct viewers to click a bio link or DM for "more information," which leads to a phishing page or a pitch to join an investment scheme. The short, high-engagement video format helps the content spread quickly before it's reported and removed.
A TikTok creator I follow DMed me a link to an "exclusive" investment opportunity — is that really them?
Verify by checking whether the message came from their actual verified account (check the handle carefully, not just the display name and photo) and be skeptical regardless, since creator accounts are sometimes compromised or impersonated by lookalike accounts specifically to send these DMs. Don't click investment links sent via DM without independently confirming the opportunity through the creator's official, publicly posted content.
I clicked a TikTok bio link and entered my login details on what I now think was a fake page — what should I do?
Go to the real platform's website directly (typed manually) and change your password immediately, then check for any unauthorized account activity. Report the TikTok account or video that led you there so it can be reviewed and potentially removed.
Can I get my TikTok account back if it was phished?
TikTok has an account recovery process through its in-app Help Center and via support.tiktok.com. You can verify your identity via phone number or email. Enable two-step verification immediately after recovery to prevent repeat compromise.