Researchers uncover fake Netflix recruiter scheme targeting Facebook accounts


Cybersecurity researchers at Malwarebytes say they have uncovered a phishing campaign in which scammers pose as Netflix recruiters to target jobseekers, particularly marketing professionals.

The goal is to trick victims into handing over their Facebook credentials, potentially compromising both personal and business accounts.


The scam begins with an email that appears to come from Netflix’s HR department, praising the recipient’s “visionary marketing leadership” and inviting them to schedule an interview.


Fake Netflix site

The link leads to a fake Netflix-branded website listing fabricated marketing and social media roles. Regardless of the path a user takes to “apply,” the site prompts them to log in with Facebook, allowing attackers to intercept credentials in real time.

Researchers say the phishing site blends genuine Netflix content with fake elements, creating a convincing appearance.

The campaign uses a WebSocket method to capture credentials instantly, giving criminals the ability to log into the victim’s Facebook account within seconds. This could allow them to bypass multi-factor authentication, take over personal profiles, and access company Pages or ad accounts.

Such access can be abused to run fraudulent ads, spread additional scams, or demand ransom for returning control of the account.

Marketing and social media staff are high-value targets because they often manage corporate Facebook Pages tied to business payment methods.

The campaign targets victims using detailed research to tailor fake job offers to their roles, making the scam more convincing.

The use of AI-generated text and known branding makes this phishing attempt more difficult to spot than traditional scams.

How to stay safe

In order to avoid falling for these types of attacks, Malwarebytes says users should be cautious about unsolicited job offers, verify web addresses before clicking links, and confirm that the site’s domain matches the official brand.
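
The domain check described above can be automated, for instance in a mail filter or a link-preview tool. The following Python example is added here and is not code from Malwarebytes or the original article; the allow-list, the brand words and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the registrable domains the brands really use; adjust as needed.
OFFICIAL_DOMAINS = {"netflix.com", "facebook.com"}
BRAND_WORDS = ("netflix", "facebook")


def link_verdict(url):
    """Classify a link: 'official', 'lookalike', 'unrelated', 'not-https' or 'invalid'."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any "user@" prefix and the port, and lower-cases the name.
        host = (parts.hostname or "").rstrip(".")
        # Internationalised names become their ASCII (punycode, "xn--") form.
        host = host.encode("idna").decode("ascii")
    except (ValueError, UnicodeError):
        return "invalid"
    if not host:
        return "invalid"
    if parts.scheme != "https":
        return "not-https"
    # Match the whole name or a dot-separated suffix, never a substring:
    # a host that merely contains or ends with the brand's letters must fail.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    # Brand text anywhere in the authority (including a "user@" decoy), or a
    # punycode label that may hide a look-alike character, is treated as a
    # lookalike. Flagging every "xn--" label is a deliberately cautious choice.
    authority = parts.netloc.lower()
    if any(word in authority for word in BRAND_WORDS) or "xn--" in host:
        return "lookalike"
    return "unrelated"


# Constructed sample links (not taken from the campaign).
SAMPLES = [
    "https://jobs.netflix.com/search",
    "https://netflix.com.careers-portal.example/apply",  # brand as a subdomain label
    "https://netflix.com@hiring.example/login",          # brand in the userinfo part
    "https://n\u0435tflix.example/jobs",                 # Cyrillic "e" homoglyph
    "https://example.org/news",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{link_verdict(sample):10} {sample}")
```
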

Recognizing phishing patterns is increasingly important as cybercriminals increasingly use AI to craft more convincing messages.

Keeping browsers, operating systems, and other software updated can also help reduce exposure to known vulnerabilities.

Those who suspect their Facebook credentials have been compromised should immediately change their password, enable multi-factor authentication, and alert their company’s IT or security team if work accounts are affected.

Using real-time anti-malware protection with web filtering can help block these phishing sites before credentials are entered.
