Attackers are impersonating major companies and recruiters to target marketing professionals, using trusted services and browser tricks to make the scam look legitimate.
A BleepingComputer article detailing the campaign found at least 34 domains impersonating high-value companies, including Netflix, Coca-Cola, Adidas, and FIFA.
The lure is a fake job interview or scheduling request from a “recruiter” representing one of these major companies. The impersonating website then shows the victim a fake Google sign-in pop-up built inside the page, rather than a real browser window.
To avoid detection, the attackers route victims through a chain of legitimate services before they reach the phishing site. So, instead of going straight from A to D, you go A → B → C → D. In phishing, attackers use this to make the final malicious site look less suspicious, because the victim passes through legitimate-looking services first.
“The operation is abusing the legitimate cloud-based PeopleForce human resources platform and a domain associated with the Salesforce Marketing Cloud service before redirecting the recipient to a malicious landing page.”







