A note from Craig & Alexios: Indicator is a small operation—just the two of us—and paid memberships are what keep us going. We’re kicking off 2026 with a limited time 20% discount on Indicator memberships. Upgrade now to get full access to this investigation, all of our reporting and OSINT guides, a monthly workshop, and access to workshop recordings and transcripts. Upgrade now.
Shady marketers have cracked a viral formula: promise users easy money for watching TikTok videos, then trick them into downloading software or joining dubious reward programs. More than 40 TikTok accounts have generated over 71 million views with the scheme, Indicator found.
“Just realized you can get paid to watch TikTok” read the text overlaid on a video with more than 21 million views. The six second video shows a user turning on a feature in their TikTok settings called “Watch videos & earn money.”
Obviously, TikTok doesn't pay users to watch videos. But it’s an effective hook to get people to visit a website in the hope that they can register for the program. Once on the site, users are tricked into taking an action — such as installing a piece of software — that will earn a commission for the unscrupulous affiliate marketer(s) behind the operation.
Indicator found that many of the pages/sites were hosted on Lovable, a vibe coding platform that has previously been used by threat actors as part of their campaigns. After being contacted, Lovable removed several pages and in some cases put up this notice:
“Lovable follows a proactive Trust and Safety strategy that combines human expertise with AI oversight to detect, prevent, and respond to malicious requests on the platform. We block thousands of attempts to circumvent guardrails and take down hundreds of malicious sites every month,” said a statement from Igor Andriushchenko, Lovable’s chief information security officer. “Verification of these types of scams is complex since they often rely on external links and off-platform activity that is external to Lovable.”
TikTok did not respond to a request for comment. The accounts remain active as of this writing.
The scheme shows how easy it is for black hat marketers to generate engagement and, presumably, revenue by spreading a false claim about TikTok on TikTok.
Assaf Kipnis, the founder of KTLYST Labs and a former threat intelligence leader at Google, Meta and ElevenLabs, said the accounts represent an additional risk because they could be sold or rented out to spread scams, disinformation, and other harmful content.
“This creates a very strong weapon that can be used for other things,” he said.
The accounts and the sites they promote offer a good investigative case study for digging into an affiliate marketing scheme. I’ll walk through the approaches I used to find the accounts and related websites, identify connections between them, determine that the scheme was connected to affiliate marketing, and share a free tool I use to investigate long URL strings. I also highlight a few points about what the scheme reveals about the current state of TikTok and deceptive marketing tactics.
Table of Contents
Read this for 20% off
We're offering a limited time 20% discount on Indicator memberships. An Indicator membership equips you with practical skills and exclusive intelligence to make you better at your job. Join now to supercharge your skills and knowledge this year.
Upgrade NowA membership gets you:
- Full access to new investigations, OSINT guides, and intelligence reports
- Learn new skills and ask questions at our monthly investigative workshops, plus always-on access to recordings, slides, and transcripts
- Unlimited access to all archival content, including guides and the Academic Library
