Beware of fake Netflix job offers! A new phishing campaign is targeting job seekers, using fraudulent interviews to trick them into handing over Facebook logins. Find out what to look for to protect your accounts.
Job seekers are being targeted by a new phishing scam that uses fake Netflix job offers to steal Facebook login details. The campaign, which focuses on marketing and social media professionals, was reported by security researchers at Malwarebytes.
Malwarebytes shared details of the campaign with Hackread.com, noting its advanced techniques and focus on corporate social media accounts. The scam begins with a highly convincing, AI-generated email that looks like an official interview invitation from Netflix’s HR team. The email is personalised to match the recipient’s professional background.
How the Scam Works
According to Malwarebytes’ report, when a job seeker clicks the “Schedule Interview” link in the email, they are directed to a fake career site that looks like a real Netflix page. However, a quick check of the web address reveals it’s a fraudulent site.
The site then prompts users to create a “Career Profile,” offering a choice to either log in with Facebook or use an email address. But no matter which option is chosen, the next screen asks the user to sign in using their Facebook account. This is the crucial step of the scam. As the provided image of the sign-in page shows, the scammers are specifically after Facebook credentials.
This part of the attack is especially clever. The hackers use a special websocket method to instantly capture the login details as they are entered. As soon as the victim clicks “Log In,” the scammers can try to access the victim’s real Facebook account.
Even if the password is wrong, the attacker’s quick response time means they could have already compromised the account. The schedule page itself also shows the deceptive nature of the site.
“This login page is also the part that makes this attack a very sophisticated one. The phishers use a websocket method that allows them to intercept submissions live as they are entered. This allows them to try the credentials and if your password works, they can log into your real Facebook account within seconds. They could potentially ask for multi-factor authentication (MFA) confirmation if that’s necessary, too.”
Pieter Arntz – Malware Intelligence Researcher, Malwarebytes
The Real Danger
The ultimate goal of this scam is not just to steal personal Facebook accounts. Hackers are targeting professionals who have access to corporate Facebook business accounts. By gaining control of these accounts, they can launch malicious ad campaigns, demand a ransom for access, or use the company’s reputation to trick more people.
Therefore, to stay safe, unsuspecting users, especially job seekers, must be cautious of job offers they didn’t apply for, check website addresses carefully, and use a reliable security solution on all devices.
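The address check recommended above can be automated. The following is an added example, not code from the article or from Malwarebytes' report. It flags a link whose host is not under the domain its branding claims, covering the brand-as-subdomain, "@" and punycode lookalike tricks. The `EXPECTED` list, the `checkLink` name and the `.example` sample links are assumptions constructed for illustration.

```javascript
// Added example: domains the reader expects per brand (assumed list, extend as needed).
const EXPECTED = { netflix: ["netflix.com"], facebook: ["facebook.com"] };

// True when host is the domain itself or a subdomain of it.
function belongsTo(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Checks a link that claims to belong to `brand`; returns { ok, reasons }.
function checkLink(link, brand) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { ok: false, reasons: ["not a valid absolute URL"] };
  }
  const reasons = [];
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  const domains = EXPECTED[brand] || [];
  if (url.protocol !== "https:") reasons.push("not HTTPS");
  if (url.username || url.password) {
    reasons.push("text before '@' is login info, not the site address");
  }
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    reasons.push("punycode label, possible lookalike characters");
  }
  if (!domains.some((d) => belongsTo(host, d))) {
    reasons.push(`host ${host} is not under an expected ${brand} domain`);
    if (host.includes(brand)) reasons.push("brand name used inside an unrelated host");
  }
  return { ok: reasons.length === 0, reasons };
}

// Constructed sample links (not taken from the campaign).
const SAMPLES = [
  ["https://jobs.netflix.com/schedule", "netflix"],
  ["https://netflix.com.careers-portal.example/schedule", "netflix"],
  ["https://netflix.com@careers-portal.example/schedule", "netflix"],
  ["https://careers-portal.example/login/facebook", "facebook"],
];
for (const [link, brand] of SAMPLES) {
  const { ok, reasons } = checkLink(link, brand);
  console.log(ok ? "OK  " : "FLAG", link, reasons.join("; "));
}
```

The last sample mirrors the step described in the article: a Facebook sign-in prompt served from a host that is not under facebook.com.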