By skyforbes 
An AI-powered scam campaign is hijacking your phone, wallet, and trust.
In one of the most elaborate scam campaigns of 2025, cybersecurity researchers have uncovered a massive AI-driven operation using more than 15,000 fake TikTok Shop websites to steal user credentials, infect phones with malware, and drain cryptocurrency wallets.
Codename: FraudOnTok.
This scam doesn’t just rely on spam or sketchy emails. It’s smart, slick, and built for maximum deception using the latest in AI video generation, social media ads, and mobile malware.
It All Starts with a Fake TikTok Shop
Imagine you’re scrolling TikTok or Facebook, and you see a legit-looking ad for the TikTok Shop — discounted items, promo codes, influencer shoutouts, even brand ambassadors. Everything looks authentic.
But it’s not.
Instead, you’re sent to a lookalike site — one of over 15,000 fake domains hosted on .shop, .top, and .icu TLDs. From there, you’re either:
- Tricked into downloading a malicious TikTok app
- Asked to log into a fake TikTok Shop
- Convinced to deposit crypto into a fake affiliate storefront