Fake Netflix, Coca-Cola, and FIFA job scams target marketers


Attackers are impersonating major companies and recruiters to target marketing professionals, using trusted services and browser tricks to make the scam look legitimate.

A BleepingComputer article detailing the campaign found at least 34 domains impersonating high-value companies, including Netflix, Coca-Cola, Adidas, and FIFA.

The lure is a fake job interview or scheduling request from a “recruiter” representing one of these major companies. The impersonating website then shows the victim a fake Google sign-in pop-up built inside the page, rather than a real browser window.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Scammers impersonating TSA pre-check to steal your money and information

    December 10, 2024

    A new warning as we head into the busy holiday travel season. It would be best to be on guard for fake TSA precheck websites. “We are seeing a disturbing trend of mimicking TSA-like sites,” says Karin Zilberstein with Guardio, a browser extension that identifies fake websites and other malware. She says Guardio has discovered ...

  • Romanian energy supplier struck by ransomware attack

    December 10, 2024

    Romanian energy supplier Electrica Group has confirmed suffering a cyberattack in the latest incident to hit major institutions in the country. In a press announcement, the company said it was investigating an “ongoing cyberattack” together with the local law enforcement. The company did not detail the attack, its nature, goal, or the identity of the threat ...

  • Encrypted messaging service intercepted, 2.3 million messages read by law enforcement

    December 9, 2024

    European law enforcement agencies have taken down yet another encrypted messaging service mainly used by criminals. The Matrix encrypted messaging service was an invite-only service which was also marketed under the names Mactrix, Totalsec, X-quantum, or Q-safe. Dutch and French authorities started an investigation when the service was found on the phone of a criminal convicted ...

  • Fake video conferencing apps are targeting Web3 workers to steal their data

    December 9, 2024

    Researchers are warning of a new “fake job” hacking campaign that targets primarily people working in the Web3 (blockchain) industry. Experts at Cado Security Labs revealed the campaign started in September 2024, aiming to trick people into downloading infostealing malware to their devices, both for Windows and macOS. In some examples observed by the researchers, the ...

  • “Termite” ransomware group claims responsibility for the Blue Yonder attack

    December 9, 2024

    On Friday, the “Termite” ransomware group claimed responsibility for the attack on its dark web leak site. In a post seen by TechCrunch, the gang claims to have stolen 680 gigabytes of data from Blue Yonder, including documents, reports, insurance documents and email lists, which Termite says it intends to use “for future attacks.” In a ...

  • Massive New Jersey cybersecurity breach leads to thousands of stolen SSNs

    December 7, 2024

    The social security numbers, driver’s licenses, payroll, health and other personal details of Hoboken city workers were among the data stolen in a “massive” cybersecurity breach last month. According to a list of thousands of stolen files obtained by The Jersey Journal, every department in City Hall — ranging from payroll to construction, health, and animal ...