Phishing Campaign Targets Job Seekers with Fake Recruiter Emails and Career Portals
Leave a Comment / Cybersecurity, Data Protection, Enterprise Technology, Industry News / By cxojunction
A sophisticated phishing campaign is targeting job seekers by impersonating recruiters from well-known global brands. Through personalized recruitment emails and convincing fake career portals, attackers are attempting to steal Gmail login credentials by exploiting the trust candidates place in legitimate hiring processes.

The attack begins with emails that appear to come from genuine recruiters offering marketing-related roles. These messages address recipients by name and reference their actual profession, indicating that attackers conduct background research before initiating contact. According to security researcher BushidoUK, the phishing campaign leverages legitimate services, including PeopleForce, Salesforce Marketing Cloud, and Wise Agent, creating a chain of trusted domains that helps phishing links bypass security filters while concealing the malicious destination until the final stage.
Victims are eventually redirected to a fake careers page designed to closely resemble the hiring portal of a major company. In one confirmed case, attackers replicated McKinsey & Company’s careers page and hosted it on Netlify. The phishing site uses a “Browser in the Browser” technique, displaying a fake Gmail login pop-up that closely mimics a real browser window, including familiar browser elements. Instead of authenticating with Google, victims unknowingly submit their email credentials directly to the attackers. The tactic is particularly effective against job seekers, whose eagerness to secure interviews may reduce suspicion.
Researchers identified fraudulent career domains impersonating organizations across multiple industries, including American Airlines, Delta Air Lines, United Airlines, Booking.com, Coca-Cola, PepsiCo, Red Bull, Adidas, Louis Vuitton, Sephora, Levi’s, Adobe, OpenAI, McKinsey & Company, Marriott, Netflix, and FIFA. The broad range of brands targeted suggests attackers are casting a wide net to maximize the campaign’s reach.
The campaign demonstrates how cybercriminals are combining legitimate business platforms with advanced phishing techniques to make fraudulent recruitment schemes increasingly difficult to detect. It also reinforces the importance of verifying job opportunities through official company websites, treating unexpected login requests or credential prompts during interview scheduling as warning signs, and remembering that legitimate recruiters never require a candidate’s Gmail password. Greater awareness of these tactics can help individuals and organizations strengthen defenses against evolving social engineering attacks.
CXO Junction remains dedicated to providing you with exclusive insights into transformative leadership journeys. Stay tuned for more updates as we continue to bring industry news to you.
Source:Hackers Use Recruiter Phishing Emails and Fake Career Pages to Harvest Gmail Logins | Cyber Security News | https://cybersecuritynews.com/hackers-use-recruiter-phishing-emails-and-fake-career-pages/amp/
