Fake Netflix, Coca-Cola, and FIFA job scams target marketers


Attackers are impersonating major companies and recruiters to target marketing professionals, using trusted services and browser tricks to make the scam look legitimate.

A BleepingComputer article detailing the campaign found at least 34 domains impersonating high-value companies, including Netflix, Coca-Cola, Adidas, and FIFA.

The lure is a fake job interview or scheduling request from a “recruiter” representing one of these major companies. The impersonating website then shows the victim a fake Google sign-in pop-up built inside the page, rather than a real browser window.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes

    January 12, 2021

    Microsoft addressed 10 critical bugs, one under active exploit and another publicly known, in its January Patch Tuesday roundup of fixes. In total it patched 83 vulnerabilities. The most serious bug is a flaw in Microsoft’s Defender anti-malware software that allows remote attackers to infect targeted systems with executable code. Security experts are warning that Windows ...

  • macOS malware used run-only AppleScripts to avoid detection for five years

    January 12, 2021

    For more than five years, macOS users have been the targets of a sneaky malware operation that used a clever trick to avoid detection and hijacked the hardware resources of infected users to mine cryptocurrency behind their backs. Named OSAMiner, the malware has been distributed in the wild since at least 2015 disguised in pirated (cracked) ...

  • New Zealand Reserve Bank breached using bug patched on Xmas Eve

    January 12, 2021

    A recent data breach at the Reserve Bank of New Zealand, known as Te Pūtea Matua, was caused by attackers exploiting a critical vulnerability patched the same day. Over the weekend, the Reserve Bank disclosed that they suffered a data breach after an attacker hacked a third-party file sharing service containing sensitive data. In a new advisory ...

  • Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack

    January 12, 2021

    A Mimecast-issued certificate used to authenticate some of the company’s products to Microsoft 365 Exchange Web Services has been “compromised by a sophisticated threat actor,” the company has announced. Mimecast provides email security services that customers can apply to their Microsoft 365 accounts by establishing a connection to Mimecast’s servers. The certificate in question is used ...

  • New Sunspot malware found while investigating SolarWinds hack

    January 12, 2021

    Cybersecurity firm CrowdStrike has discovered the malware used by the SolarWinds hackers to inject backdoors in Orion platform builds during the supply-chain attack that led to the compromise of several companies and government agencies. Sunspot, as it was dubbed by CrowdStrike, was dropped by the attackers in the development environment of SolarWinds’ Orion IT management software. After ...

  • Capitol attack’s cybersecurity fallout: Stolen laptops, lost data and possible espionage

    January 11, 2021

    When hostile actors penetrated the Capitol Building on January 6, they gained access to individual chambers and offices and remained at large within the Capitol complex for well over two hours. We have reports that items were stolen. One report comes from acting US Attorney for DC, Michael Sherwin, who stated “items, electronic items were stolen ...