By skyforbes 
Over 15,000 fake TikTok Shop-like sites are distributing malware and phishing via AI-generated promos. Here’s how the ClickTok scam works — and how to stay safe.
If you’ve ever seen a slick TikTok ad promising insane discounts on sneakers or smartphones, don’t celebrate too fast — chances are it might be part of a scam called ClickTok.
CTM360, a Bahrain-based cybersecurity firm, has uncovered a massive global campaign targeting TikTok Shop users. The campaign uses more than 15,000 fake domains that closely resemble official TikTok URLs (like tikto.shop or tiktok[.]icu). Each website either phishes for login info or pushes trojanized versions of the TikTok app to steal cryptocurrency and account credentials.
This isn’t low-effort spam. Threat actors are using AI-generated TikTok videos (think influencer promos that look real but aren’t), Meta ads, and duped affiliate marketers to funnel users to malicious landing pages. They’re banking on trust in brand aesthetics, not on technical exploits.
Three-pronged scam with serious payoff
We’re talking about a campaign that combines phishing, fake e-commerce, and AI-powered persuasion. CTM360 breaks it down like this: