2 min read

Invited to a "job interview" with Netflix or OpenAI? Beware! Your Google password could be at risk

Graham CLULEY

July 09, 2026

Invited to a "job interview" with Netflix or OpenAI? Beware! Your Google password could be at risk

Have you received an email from a recruiter at Adobe, Netflix, or OpenAI offering you an exciting new marketing role? Well, before you start brushing up your interview technique, take a closer look at who is really behind it.

Security experts have uncovered a phishing campaign which impersonates over 30 well-known brands in fake job interviews designed to steal Google account passwords.

Will Thomas, a threat intelligence researcher Team Cymru, identified malicious domains that spoof household names including Adidas, Adobe, American Airlines, Aquent, Booking.com, Coca-Cola, Delta Air Lines, FIFA, Levis, Louis Vuitton, ManpowerGroup, Marriott, McKinsey & Company, Netflix, Omnicom Group, OpenAI, PepsiCo, Red Bull, Sephora, and United Airlines.

What makes the campaign more dangerous is its attention to detail. Rather than using a generic "Dear Job Candidate" email, the attackers appear to have done their homework (most likely via via LinkedIn) addressing recipients by name and targeting people who work in the relevant field.

Furthermore, the attacks use the names and photographs of genuine recruiters at the impersonated firms. In other words, the messages do not just claim to come from a particular company, but also appear to come from a specific, real, named person who works in recruitment at the business.

Thomas says that the emails appear to have been sent via PeopleForce, a legitimate HR and applicant tracking platform. Meanwhile, links in the emails bounce through a variety of trusted domains before ultimately landing on a phishing webpage.

The landing page invites job applicants to a calendar scheduling tool, and prompts them to sign in with their Google account to book an interview slot.

When victims click on "Continue with Google," a pop-up appears that looks like a legitimate Google authentication dialog.

The reality is that the pop-up is a browser-in-the-browser attack, and any login details entered go straight to cybercriminals.

It's worth noting that if you are using a good password manager it will refuse to auto-fill your credentials into the phishing pop-up, because it will recognise that the underlying domain is not one that belongs to Google.

As Bleeping Computer reports, the campaign has been running for at least five months, potentially tricking many people.

Recruitment scams have been around for years, but it is evident that they are becoming more sophisticated and targeted in their attempt to lure in more victims.

In the past the FBI has warned the public about scammers using fake job ads to steal money and personal information from applicants.

We cannot ignore that changes in the workplace play their part in making recruitment scams like this more successful.

More companies are laying off staff, citing artificial intelligence as the reason why they are slimming down their workforce.

Marketing departments - which rely heavily on content creation - are amongst those who are feeling the pressure, and when people are worried about their job security, an unsolicited email from a well-known brand offering an exciting new position can feel irresistible.

Earlier this year, Hot for Security published a guide explaining how many fake recruiter scams work, and how to avoid them.

tags


Author


Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.

View all posts

You might also like

Bookmarks


loader