Cyber Security

Invited to a “job interview” with Netflix or OpenAI? Be careful! Your Google password may be at risk

Did you get an email from a recruiter at Adobe, Netflix, or OpenAI offering you an exciting new sales role? Well, before you start brushing up on your negotiation style, take a close look at who really supports you.

Security experts discovered a phishing campaign impersonating more than 30 well-known products in fake chats designed to steal Google account passwords.

Will Thomas, threat intelligence researcher, Team Cymru, has identified malicious domains that tarnish household names including Adidas, Adobe, American Airlines, Aquent, Booking.com, Coca-Cola, Delta Air Lines, FIFA, Levis, Louis Vuitton, ManpowerGroup, Marriott, McKinsey & Company, Netflix, Omnipho Red, OpenAI, OpenAI, OpenAI Group, OpenAI, Pepsi Cola, OpenAI, OpenAI, OpenAI, Bullp Group, Netflix Airlines.

What makes the campaign so dangerous is the attention to detail. Rather than using a “Dear Dear Friend” email, the attackers appear to have done their homework (most likely via LinkedIn) addressing recipients by name and targeting people working in the relevant field.

In addition, the attack uses the names and images of real employers in the impersonated companies. In other words, the messages not only claim to be from a specific company, but also appear to be from a specific, real, named person who works in recruiting at the business.

Thomas says the emails appear to have been sent through PeopleForce, an official HR and applicant tracking platform. Meanwhile, links in emails bounce around trusted domains before reaching the phishing web page.

The landing page invites job applicants to the calendaring tool, and prompts them to sign in with their Google account to book an interview slot.

When victims click on “Continue with Google,” a pop-up appears that looks like an official Google confirmation dialog.

The truth is that the pop-up is a browser attack, and any login information entered goes directly to hackers.

It’s worth noting that if you use a good password manager it will refuse to autofill your credentials in a phishing pop-up, because it will recognize that the subdomain is not Google’s.

As The Sleep Computer reports, the campaign has been running for at least five months, which may have misled many people.

Recruitment scams have been around for years, but it seems that they are becoming more sophisticated and targeted in their attempt to attract more victims.

In the past the FBI has warned the public about scammers who use fake ads to steal money and personal information from applicants.

We cannot ignore that changes in the workplace play a role in making recruitment scams like this successful.

Many companies are laying off workers, pointing to artificial intelligence as the reason why they are reducing their workforce.

Marketing departments – which rely heavily on content creation – are among those feeling the pressure, and when people are worried about their job security, an unsolicited email from a well-known brand offering an exciting new position can feel irresistible.

At the beginning of this year, Hot in Security has published a guide explaining how many fake recruitment scams are active, and how to avoid them.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button