It's rough out there for job seekers, and scammers are preying on candidates hoping to get hired by well-known companies. A new phishing campaign uses fake interview invites—impersonating brands like Adidas, Netflix, Adobe, and FIFA—to steal users' Google account credentials.
Employment scams are nothing new, and they come in a variety of flavors, from fake job offers sent via text to fake applications distributed via Google Forms. Netflix impersonators even ran a similar recruitment email campaign last year. Bad actors are typically trying to phish personal information or convince you to send them money for various (fake) onboarding expenses.
As BleepingComputer reports, this job scam primarily targets marketing professionals looking for positions with high-value companies across multiple sectors, including tech, hospitality, travel, food, entertainment, and luxury goods.
The fraud begins with a phishing email from a "recruiter" at one of more than 34 companies, inviting candidates to schedule a meeting to discuss further. Scammers appear to be using the names and photos of real recruiters at these companies, making them less likely to raise suspicion if targets try to verify their legitimacy.
If a job seeker clicks the link to the recruiter's calendar, they'll be redirected multiple times and ultimately land on a malicious website designed to look like a real interview scheduling page. From there, they'll be prompted to sign in with Google, which launches a fake login interface that looks like Google's authentication pop-up but is actually just part of the phishing page. (This is an example of a browser-in-the-browser (BitB) attack.)
Threat actors appear to be using a legitimate HR platform called PeopleForce and a domain operated by Salesforce to initiate the scam, though it's not clear whether they created accounts or are using stolen credentials.
Signs of a fake job scam
Like all scams, this one preys on emotion, like the excitement of being recruited for a highly desirable position in a competitive job market. If you receive an unsolicited message from a recruiter, whether via email, LinkedIn, or some other social platform, proceed with caution—especially if you haven't applied for a job or the opportunity sounds too good to be true. If you're not sure, go directly to the company's careers page to find the listing.
Just because a calendar or application link appears to go to a legitimate site doesn't mean you're safe. Obviously, scammers have many ways of spoofing URLs or redirecting traffic so you don't realize you're being phished. Look carefully at the address bar on the final window for sneaky characters or other URL tricks.
If you're being prompted to enter single sign-on credentials (such as Apple, Google, or Facebook) to schedule an interview or fill out an application, this is a red flag. Try to interact with the pop-up, such as by dragging it away from the main browser window or highlighting the URL. If you can't, it's likely a fake. A password manager can also protect against BitB attacks, as these tools won't fill credentials, except on the legitimate domain.
Hence then, the article about this job interview scam is a ploy to steal your google credentials was published today ( ) and is available on Live Hacker ( Middle East ) The editorial team at PressBee has edited and verified it, and it may have been modified, fully republished, or quoted. You can read and follow the updates of this news or article from its original source.
Read More Details
Finally We wish PressBee provided you with enough information of ( This Job Interview Scam Is a Ploy to Steal Your Google Credentials )
Also on site :
- Hot French startup ZML releases free product to speed inference across lots of AI chips
- Lionel Messi ‘match-fixing’ conspiracy is all Fifa’s own fault
- Totally Hitlarious: Chris Murphy Worries About Dem Party’s Credibility If Platner Isn’t Properly Replaced
