A phishing campaign is impersonating more than 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, in fake job interviews to steal Google account credentials from marketing professionals.
The operation is abusing the legitimate cloud-based PeopleForce human resources platform and a domain associated with the Salesforce Marketing Cloud service before redirecting the recipient to a malicious landing page.
To further instill trust and increase the chances of success, the threat actor is using the names and pictures of real recruiters at impersonated companies.
Will Thomas, senior advisor at cybersecurity intelligence and threat hunting company Team Cymru, analyzed the campaign and discovered that the phishing email pretends to be from “a recruiter looking to hire people for marketing roles.”
The researcher uncovered that the threat actor is using at least 34 domains impersonating high-value companies in the following sectors:
Airlines and travel: American Airlines, Booking.com, Delta Air Lines, United Airlines
Food and beverage: Coca-Cola, PepsiCo, Red Bull
Apparel and luxury goods: Adidas, Louis Vuitton, Sephora, Levis
Staffing, consulting, and tech: Adobe, Aquent, ManpowerGroup, McKinsey & Company, OpenAI
Hospitality and marketing: Marriott, Omnicom Group
... continue reading