TikTok’s trusted bio links vs multi-platform takeover: how Google SSO and open redirects let phishers hijack ad accounts
A recent campaign abuses TikTok for Business’ use of Google Single Sign-On and the platform’s permissive profile bio redirects to mount reverse-proxy adversary-in-the-middle (AiTM) phishing that captures credentials and session cookies, then pivots into Google Ad Manager for large-scale ad fraud — all while evading two-factor protections with Cloudflare Turnstile–protected pages hosted on Google Storage. How […]