This Interview Scam Is a Trick to Steal Your Google Credentials.

Job seekers are currently facing a tough time, and scammers are targeting candidates hoping to land positions at well-known companies. A new phishing campaign is using fake interview invitations—posing as brands like Adidas, Netflix, Adobe, and FIFA—to steal users’ Google credentials.

Employment scams are nothing new, and they take many forms: from fake job offers sent via text messages to fake applications distributed through Google Forms . Even scammers posing as Netflix conducted a similar recruiting email campaign last year. The scammers typically try to trick you into revealing personal information or convincing you to send them money for various (fake) employment-related expenses.

How the Fake Job Interview Scam Works

As BleepingComputer reports , this employment scam primarily targets marketing professionals seeking high-paying positions in various sectors, including technology, hospitality, tourism, food, entertainment, and luxury goods.

You may also like

The scam begins with a phishing email from a “recruiter” from one of more than 34 companies , inviting candidates to schedule a meeting for further discussion. The scammers appear to use the names and photos of real recruiters from these companies, reducing the likelihood of victims becoming suspicious when attempting to verify their authenticity.

If a candidate clicks on the recruiter’s calendar link, they will be redirected multiple times to a malicious website disguised as a legitimate interview booking page. From there, they will be prompted to sign in to Google, after which they will be taken to a fake login interface that appears to be a Google authentication pop-up but is actually part of a phishing page. (This is an example of a browser-within-a-browser (BitB) attack .)

The attackers appear to be using the legitimate HR platform PeopleForce and a domain owned by Salesforce to carry out the scam, although it is unclear whether they are creating accounts or using stolen credentials.

What do you think at the moment?

Signs of a fake job posting scam

Like all scams, this one plays on emotions, such as the excitement of a job offer for a highly sought-after position in a competitive job market. If you receive an unsolicited message from a recruiter, whether via email, LinkedIn, or another social media platform, be wary—especially if you didn’t apply for the job or the offer seems too good to be true. If you’re unsure, go directly to the company’s careers page to find the posting.

Just because a link to a calendar or app looks like a legitimate website doesn’t mean you’re safe. Scammers obviously use a variety of methods to spoof URLs or redirect traffic so you don’t realize you’ve been phishing. Carefully examine the address bar in the final window for hidden characters or other tricks in URLs .

If you’re asked to enter single sign-on credentials (such as Apple, Google, or Facebook) when scheduling an interview or filling out an application, this is a warning sign. Try interacting with the pop-up window, for example, by dragging it outside the main browser window or highlighting the URL. If this doesn’t work, it’s likely a fake. A password manager can also protect against BitB attacks, as these tools won’t fill credentials unless they’re from a legitimate domain.

More…

Leave a Reply