Fake Netflix, Coca-Cola, and FIFA job scams target marketers


Attackers are impersonating major companies and recruiters to target marketing professionals, using trusted services and browser tricks to make the scam look legitimate.

A BleepingComputer article detailing the campaign found at least 34 domains impersonating high-value companies, including Netflix, Coca-Cola, Adidas, and FIFA.

The lure is a fake job interview or scheduling request from a “recruiter” representing one of these major companies. The impersonating website then shows the victim a fake Google sign-in pop-up built inside the page, rather than a real browser window.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Marquis confirms data breach, point finger of blame at SonicWall firewall

    January 30, 2026

    Marquis, a US fintech company building software for banks and credit unions, has confirmed suffering a ransomware attack and losing sensitive customer data, but shifted the blame onto its firewall provider, SonicWall. In mid-September 2025, SonicWall warned its firewall customers to reset their passwords after unnamed threat actors brute-forced their way into the company’s MySonicWall ...

  • Ivanti patched two critical zero-day vulnerabilities in EPMM

    January 30, 2026

    Ivanti has patched two critical zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) product that are already being exploited, continuing a grim run of January security incidents for enterprise IT vendors. In January 2025, tens of thousands were urged to patch a Fortinet zero-day, while Ivanti customers were doing the same. There has been little change ...

  • Supply chain attack on eScan antivirus: detecting and remediating malicious updates

    January 29, 2026

    On January 20, a supply chain attack has occurred, with the infected software being the eScan antivirus developed by an Indian company MicroWorld Technologies. The previously unknown malware was distributed through the eScan update server. The same day, our security solutions detected and prevented cyberattacks involving this malware. On January 21, having been informed by Morphisec, ...

  • Microsoft Office zero-day lets malicious documents slip past security checks

    January 29, 2026

    Microsoft issued an emergency patch for a high-severity zero-day vulnerability in Office that allows attackers to bypass document security checks and is being exploited in the wild via malicious files. Microsoft pushed the emergency patch for the zero‑day, tracked as CVE-2026-21509, and classified it as a “Microsoft Office Security Feature Bypass Vulnerability” with a CVSS score ...

  • CISA: Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858

    January 28, 2026

    Newly disclosed vulnerability Common Vulnerabilities and Exposures (CVE)-2026-24858 allows malicious actors with a FortiCloud account and a registered device to log in to separate devices registered to other users in FortiOS, FortiManager, FortiWeb, FortiProxy, and FortiAnalyzer, if FortiCloud single sign on (SSO) is ...

  • SoundCloud data breach hit 29.8 million accounts

    January 28, 2026

    TechRadar now have confirmation exactly how many people were affected by the December 2025 breach at SoundCloud, as well as how users can check if they are affected. In mid-December 2025, SoundCloud confirmed suffering a cyberattack and losing sensitive data on about 20% of its user base – approximately 28 million people. The company did not ...