The scammers pose as recruiters from companies like American Airlines, Netflix, PepsiCo, and FIFA.
Malicious cyber actors are posing as recruiters from top global companies to dupe people into applying for nonexistent jobs so they can steal their Google account information.
The hackers are sending phishing emails while pretending to hire people for marketing roles, said Will Thomas, a senior threat intel adviser at cybersecurity company Team Cymru, according to a July 5 post published on developer platform GitHub.
“The email addresses the individual by their name and the individual works in the relevant field, therefore the attackers likely did some relevant research and collection,” the post said.
The target is then required to click a link to book a meeting and is asked to submit the credentials of his or her Gmail account.
An example phishing email shows the threat actor posing as a talent acquisition manager for management consulting firm McKinsey & Company. It says the target’s career profile “caught our attention.” The email then asks the target to click a “View Calendar & Schedule Call” link if interested in working for the company.
When the target clicks, they go to a landing webpage that purportedly seeks to schedule a 30-minute meeting with the manager. The page has a “Continue with Google” button at the bottom that looks genuine but is illegitimate. If the target complies, they end up granting the hackers access to their Google credentials.
Thomas said the attackers are using various legitimate platforms to carry out the scam.
The email is sent from PeopleForce, which is a genuine online Human Resource Management and Applicant Tracking System platform, with the email pointing to Salesforce Marketing Cloud.
The attackers have been seen impersonating 20 major companies that operate in airlines and travel, food and beverage, apparel and luxury goods, hospitality and marketing, entertainment and sports, and staffing, consulting, and tech sectors. This includes American Airlines, Delta Airlines, United Airlines, Coca-Cola, Red Bull, PepsiCo, Adidas, Louis Vuitton, OpenAI, Adobe, Marriott, FIFA, and Netflix.
The threat actors use fake domains of these companies as landing pages to dupe targets into thinking they are on legitimate webpages. For instance, a scam letter claiming to be from Netflix or OpenAI can direct the target to jobsatnetflix.com or careers-openai.com, which are owned by the hacker.






