Bleepingcomputer
Phishing Campaign Targets Marketing Professionals with Fake Job Interviews
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A phishing campaign is impersonating over 30 major brands, including Adobe and Netflix, to steal Google account credentials from marketing professionals. The attackers pose as recruiters offering marketing roles, using the PeopleForce HR platform to lend credibility. The campaign employs nested redirects through legitimate services, ultimately leading victims to a malicious landing page designed to capture Gmail credentials. The operation has been active for at least five months, utilizing real names and images of recruiters to enhance trust. Victims are misled into signing into a fake Google authentication prompt. The threat actor may have created accounts on legitimate platforms or used compromised logins to configure the phishing setup. A list of domains involved in the campaign has been made available by researchers. Security teams have reported a 54% success rate in these phishing attempts.
Key Points: • Phishing campaign impersonates over 30 major brands to steal credentials. • Attackers use legitimate platforms to create a convincing phishing environment. • The operation has been active for at least five months with significant success.