Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Phishing poses as big-brand job interview to steal Google accounts

0
Medium
Phishing
Published: 07/06/2026 (07/06/2026, 20:27:37 UTC)
Source: Bleeping Computer

Description

A phishing campaign impersonates over 30 well-known brands in fake job interview scenarios targeting marketing professionals to steal Google account credentials. The attackers abuse legitimate cloud-based platforms and use nested redirects through trusted services to reach malicious landing pages. They employ realistic tactics such as using real recruiter names and photos and a browser-in-the-browser technique to mimic Google sign-in pop-ups. The campaign has been active for at least five months and leverages domains associated with Salesforce Marketing Cloud and other cloud services to increase credibility.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 07/06/2026, 20:36:39 UTC

Technical Analysis

This phishing campaign targets marketing professionals by impersonating recruiters from more than 30 major brands, including Adobe, Netflix, Coca-Cola, and OpenAI. It abuses legitimate cloud-based platforms like PeopleForce and Salesforce Marketing Cloud to create nested redirects that lead victims to malicious landing pages. The attackers use real recruiter identities and a browser-in-the-browser (BitB) technique to present fake Google sign-in pop-ups, tricking victims into submitting their Google credentials. The operation has been ongoing for at least five months and involves multiple sectors such as airlines, food and beverage, apparel, staffing, hospitality, and entertainment. The campaign does not indicate a compromise of the legitimate platforms but likely uses genuine or compromised accounts to configure redirects.

Potential Impact

Successful phishing leads to theft of Google account credentials from targeted marketing professionals, potentially compromising their Google accounts. This can result in unauthorized access to email, personal data, and other Google services tied to the stolen credentials. The use of trusted cloud services and realistic impersonation increases the likelihood of victim success.

Mitigation Recommendations

No official patch or fix applies as this is a phishing campaign. Organizations should educate employees, especially marketing professionals, about this specific phishing tactic involving fake job interviews and the browser-in-the-browser technique. Users should verify URLs carefully and avoid entering credentials on suspicious pages. Since the campaign abuses legitimate cloud services, monitoring for unusual redirect chains and suspicious login attempts is recommended. Vendor-managed remediation does not apply as this is a social engineering attack.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Article Source
{"url":"https://www.bleepingcomputer.com/news/security/phishing-poses-as-big-brand-job-interview-to-steal-google-accounts/","fetched":true,"fetchedAt":"2026-07-06T20:36:31.797Z","wordCount":860}

Threat ID: 6a4c11d027e9c797192ecdc7

Added to database: 07/06/2026, 20:36:32 UTC

Last enriched: 07/06/2026, 20:36:39 UTC

Last updated: 07/07/2026, 00:24:12 UTC

Views: 7

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses