Listen to the episode
TLDR
A new phishing campaign is impersonating over 30 well known brands, including Adobe, Netflix, Coca Cola, and OpenAI, by sending fake job interview invitations designed to steal Google account credentials from marketing professionals....
How it works
A new phishing campaign is impersonating over 30 well known brands, including Adobe, Netflix, Coca Cola, and OpenAI, by sending fake job interview invitations designed to steal Google account credentials from marketing professionals....
Red flags
- : Unsolicited interview invitations claiming to represent major brands, with recruiters having no verifiable LinkedIn profile or company email Interview portals hosted on lookalike domains or Google Forms that unexpectedly require re authentication of your Google account High pressure messages offering unusually generous salaries for entry level or remote roles
What to do
- 1: Verify every recruiter by contacting the brand through its official careers page before replying or clicking any link Never sign in to Google from a link inside an unsolicited message
- 2open the browser and navigate to the site yourself Enforce two factor authentication on your Googl
Source
bleepingcomputer
Source reviewed by Mythos Forensic Team
https://www.bleepingcomputer.com/news/security/phishing-poses-as-big-brand-job-interview-to-steal-google-accounts/FAQ
Is Phishing Campaign Impersonates Adobe, Netflix and OpenAI in Fake Job Interviews to Steal Google Credentials a real scam pattern?
Yes. Treat the message, call, or payment request as suspicious until you verify it through an official channel.
What are the first warning signs?
: Unsolicited interview invitations claiming to represent major brands, with recruiters having no verifiable LinkedIn profile or company email Interview portals hosted on lookalike domains or Google Forms that unexpectedly require re authentication of your Google account High pressure messages offering unusually generous salaries for entry level or remote roles
What should I do first?
: Verify every recruiter by contacting the brand through its official careers page before replying or clicking any link Never sign in to Google from a link inside an unsolicited message; open the browser and navigate to the site yourself Enforce two factor authentication on your Googl
Can LegalAudit check my case?
Yes. Start a free chat and paste the message, link, sender, or payment details for triage.