This Job Interview Scam Is a Ploy to Steal Your Google Credentials
Netflix, OpenAI, and FIFA aren't recruiting you.
Emily Long Freelance Writer
Experience
Emily Long is a freelance writer based in Salt Lake City.
After graduating from Duke University, she spent several years reporting on the federal workforce for Government Executive, a publication of Atlantic Media Company, in Washington, D.C. She has nearly a decade of experience as a freelancer covering tech (including issues related to security, privacy, and streaming) as well as personal finance and travel.
In addition to Lifehacker, her work has been featured on Wirecutter, Tom’s Guide, and ZDNET. Emily has also worked as a travel guide around the U.S. and as a content editor. She has a masters in social work and is a licensed therapist in Utah.
July 8, 2026
Add as a preferred source on Google
Credit: Catherine McQueen via Getty Images
Table of Contents
It's rough out there for job seekers, and scammers are preying on candidates hoping to get hired by well-known companies. A new phishing campaign uses fake interview invites—impersonating brands like Adidas, Netflix, Adobe, and FIFA—to steal users' Google account credentials.
Employment scams are nothing new, and they come in a variety of flavors, from fake job offers sent via text to fake applications distributed via Google Forms. Netflix impersonators even ran a similar recruitment email campaign last year. Bad actors are typically trying to phish personal information or convince you to send them money for various (fake) onboarding expenses.
How the fake job interview scam works
As BleepingComputer reports, this job scam primarily targets marketing professionals looking for positions with high-value companies across multiple sectors, including tech, hospitality, travel, food, entertainment, and luxury goods.
The fraud begins with a phishing email from a "recruiter" at one of more than 34 companies, inviting candidates to schedule a meeting to discuss further. Scammers appear to be using the names and photos of real recruiters at these companies, making them less likely to raise suspicion if targets try to verify their legitimacy.
If a job seeker clicks the link to the recruiter's calendar, they'll be redirected multiple times and ultimately land on a malicious website designed to look like a real interview scheduling page. From there, they'll be prompted to sign in with Google, which launches a fake login interface that looks like Google's authentication pop-up but is actually just part of the phishing page. (This is an example of a browser-in-the-browser (BitB) attack.)
Threat actors appear to be using a legitimate HR platform called PeopleForce and a domain operated by Salesforce to initiate the scam, though it's not clear whether they created accounts or are using stolen credentials.
What do you think so far?
Signs of a fake job scam
Like all scams, this one preys on emotion, like the excitement of being recruited for a highly desirable position in a competitive job market. If you receive an unsolicited message from a recruiter, whether via email, LinkedIn, or some other social platform, proceed with caution—especially if you haven't applied for a job or the opportunity sounds too good to be true. If you're not sure, go directly to the company's careers page to find the listing.
Just because a calendar or application link appears to go to a legitimate site doesn't mean you're safe. Obviously, scammers have many ways of spoofing URLs or redirecting traffic so you don't realize you're being phished. Look carefully at the address bar on the final window for sneaky characters or other URL tricks.
If you're being prompted to enter single sign-on credentials (such as Apple, Google, or Facebook) to schedule an interview or fill out an application, this is a red flag. Try to interact with the pop-up, such as by dragging it away from the main browser window or highlighting the URL. If you can't, it's likely a fake. A password manager can also protect against BitB attacks, as these tools won't fill credentials, except on the legitimate domain.
BigThink