
"Victims receive an 'are you open to talk?' message impersonating an outreach email from Google Careers. If they click the link, they're taken to a landing page designed to look like a Google Careers meeting scheduler and, from there, to the phishing page. Detailing the scam in a blog post, Sublime Security threat detection engineer Brandon Murphy said the phishing campaign has evolved rapidly in recent weeks, employing more sophisticated techniques to dupe unsuspecting victims."
"In almost all cases, after clicking on the Book a Call button, the target is taken to either a real or impersonated Cloudflare Turnstile page. After completing a Captcha, they are directed to a spoofed Google Careers meeting scheduling page, where their name, email address, and phone number are all recorded by threat actors. After clicking save & continue, victims are taken to the password phishing phase of the attack, which features a fake login page, as seen in most Google credential phishing attacks."
A Google Careers-themed phishing campaign targets tech workers looking for career changes by impersonating recruiter outreach in multiple languages, including English, Spanish, and Swedish. Messages include a Book a Call button leading to hiring-themed subdomains and Google Careers-themed root domains that sometimes do not match the sender domain. Clicking the button typically directs targets to a real or impersonated Cloudflare Turnstile Captcha, then to a spoofed Google Careers meeting scheduler that records name, email, and phone number. Following save & continue, targets reach a password phishing page that mimics a Google login to harvest credentials. Threat actors are actively refining tactics and using multiple links to evade detection.
Read at IT Pro