Got a job interview invite from Coca-Cola or Netflix? It might be a trap.
Security researchers found a phishing campaign impersonating more than 30 big brands. Adobe, Coca-Cola, OpenAI, Netflix, Adidas — they’re all being used as bait. The goal? Steal Google account credentials from marketing professionals.
Here’s how it works. You get an email that looks like it’s from a recruiter at one of these companies. It comes through PeopleForce, a legitimate HR platform. There’s a link that routes through Salesforce’s ExactTarget domain before landing on a fake page. The redirect chain makes it hard to spot the scam.
The fake page looks like a meeting scheduler. You’re asked to sign in with Google to book the interview. But the login popup isn’t real. It’s a browser-in-the-browser trick — HTML and CSS made to look like a Chrome authentication window. Your credentials go straight to the attacker.
Will Thomas from Team Cymru analyzed the campaign. He found at least 34 domains impersonating companies across airlines, food, apparel, tech, and entertainment. The attackers use real recruiter names and photos they found on LinkedIn.
The operation has been running for at least five months. Earlier versions used Outlook addresses with the company name. Now they’ve refined the process.
If you’re a marketer or in HR, be wary of unsolicited interview invites. Verify through official channels. Don’t click the sign-in button on a page you got in an email.
