NordVPN’s Threat Intelligence research unit reports on a sophisticated phishing campaign targeting job seekers by impersonating some of the world’s most recognisable employers.
The operation exploits the names of Meta (and its subsidiaries), Disney, Coca-Cola and Spotify to steal victims’ Facebook credentials and hijack their accounts.
The investigation revealed a multi-stage operation that goes far beyond typical phishing attempts. Attackers deploy hidden ‘HUB’ domains, referral-link activation mechanisms and realistic job listing interfaces to guide victims through a carefully constructed path. The final step redirects them to a fake Facebook login page designed to capture their credentials.
“Job seekers are uniquely vulnerable because they’re…