Threat actors are spoofing big brand logos in recruiting scams to dupe individuals into believing they are working with real companies and to divulge their Google credentials.
The scam was first identified by a Team Cymru researcher, who discovered that threat actors were impersonating recruiters from big brands to target marketing professionals. The fraudulent emails were highly personalized, addressing recipients by name, referencing their professional field, and demonstrating that the threat actors conducted research on their backgrounds before making contact.
One example included a convincing phishing email from a well-known consulting firm “which contains a ‘view calendar & schedule call’ link for a fake job interview.” The email is sent from a legitimate human resources management platform, which lends to its credibility. When the targeted victim clicks the link, they are sent to what looks like a legitimate domain, which is actually a spoofed domain that looks like the legitimate company, but is “an attacker-controlled phishing link.” The victim doesn’t know they have been redirected several times to the phishing host site.
Once the victim lands on the fake site, they are presented with a fake Google sign-in window and they sign in with their real credentials, which are then stolen by the threat actor.
Once threat actors have access to your credentials, they have access to everything in your Google account without your knowledge. As with all accounts, it is recommended that you change your passwords frequently. If you believe you have given your credentials to an unauthorized individual, change your passwords immediately. For assistance with changing your Google password, consult Google’s questions and answers section.
In the meantime, be wary of unsolicited recruiting emails and be vigilant about confirming their legitimacy.
Recent Comments