This Job Interview Scam Is a Ploy to Steal Your Google Credentials


Source: Emily Long / lifehacker.com

Job Seekers Beware: New Phishing Campaign Impersonates Top Brands

In a disturbing trend, scammers are targeting job seekers with fake job interview invitations that aim to steal users’ Google account credentials. The scam, which impersonates brands like Adidas, Netflix, Adobe, and FIFA, has been reported to primarily target marketing professionals looking for positions with high-value companies across various sectors.

The phishing campaign begins with an email from a ‘recruiter’ at one of the targeted companies, inviting candidates to schedule a meeting to discuss further. However, the email is not from a legitimate recruiter, but rather a scammer who has obtained the name and photo of a real recruiter at the company. This makes it difficult for job seekers to verify the legitimacy of the email.

When a job seeker clicks on the link to the recruiter’s calendar, they are redirected multiple times and ultimately land on a malicious website designed to look like a real interview scheduling page. From there, they are prompted to sign in with Google, which launches a fake login interface that looks like Google’s authentication pop-up but is actually just part of the phishing page. This is an example of a browser-in-the-browser (BitB) attack.

Threat actors appear to be using a legitimate HR platform called PeopleForce and a domain operated by Salesforce to initiate the scam, though it’s not clear whether they created accounts or are using stolen credentials. It’s essential to note that scammers have many ways of spoofing URLs or redirecting traffic, making it difficult for job seekers to realize they are being phished.

Signs of a fake job scam include:

  • Unsolicited messages from recruiters, especially if you haven’t applied for a job or the opportunity sounds too good to be true.
  • Links or applications that appear to go to a legitimate site but have sneaky characters or other URL tricks.
  • Prompting to enter single sign-on credentials (such as Apple, Google, or Facebook) to schedule an interview or fill out an application.
  • Difficulty interacting with the pop-up, such as dragging it away from the main browser window or highlighting the URL.

To avoid falling victim to this scam, job seekers should proceed with caution and verify the legitimacy of the email or message. They should also look carefully at the address bar on the final window for sneaky characters or other URL tricks. A password manager can also protect against BitB attacks, as these tools won’t fill credentials, except on the legitimate domain.

It’s essential to remember that employment scams are nothing new, and they come in a variety of flavors, from fake job offers sent via text to fake applications distributed via Google Forms. Netflix impersonators even ran a similar recruitment email campaign last year. Bad actors are typically trying to phish personal information or convince you to send them money for various (fake) onboarding expenses.