A phishing campaign that impersonates Netflix, Coca-Cola, Adidas and FIFA has targeted marketing professionals for at least five months, using fake job interviews and login pop-ups to try to steal Google accounts, according to a BleepingComputer report cited in the article.
KEY FACTS
- Targets Marketing professionals were the main focus.
- Lure Victims received fake interview or scheduling requests from supposed recruiters.
- Impersonation At least 34 domains were set up to mimic major brands.
- Technique The phishing page showed a fake Google sign-in pop-up inside the site.
- Evasion The campaign used legitimate services in a redirect chain before the final landing page.
The report says the attackers used cloud services and a domain tied to Salesforce Marketing Cloud before sending recipients to a malicious page. It also says the campaign has been active for at least five months.
The article says the fake login window was built into the page rather than opened as a real browser dialog. That design can make the site look more legitimate to victims who expect a routine sign-in step during a hiring process.
The article also advises users not to click links or open attachments in unsolicited job offers, to use a password manager, and to keep real-time anti-malware protection enabled. It says Scam Guard would have helped flag the attack as a scam.
WHY IT MATTERS
Job-themed phishing remains effective because it can exploit interest in new roles and the trust people place in recruitment messages. The campaign shows how attackers combine brand impersonation, familiar services and browser tricks to steal credentials without using obvious malware.

