The phishing campaign uses several tactics, including nested redirects, to evade detection and steal credentials from unsuspecting targets.
July 7, 2026
A job-recruiting-focused phishing campaign is abusing legitimate platforms and masquerading as some of the biggest corporate brands to get marketing professionals to give up their Google credentials.
First spotted by Will Thomas, senior threat intelligence adviser at Team Cymru, the campaign poses as job recruiters looking to hire marketing professionals for major brands such as Coca-Cola, Louis Vuitton, McKinsey & Company, Netflix, OpenAI, and FIFA.
"The email addresses the individual by their name and the individual works in the relevant field, therefore the attackers likely did some relevant research and collection," Thomas wrote in a GitHub post detailing the activity.








