Security researchers have uncovered a sophisticated phishing campaign using fake Netflix job offers to trick job seekers—particularly marketing and social media professionals—into giving away their Facebook login credentials.
The scam, reported to Hackread.com, employs highly convincing AI-generated emails that appear to come from Netflix’s HR department. Each email is personalised based on the recipient’s professional background to enhance credibility and lure the target into clicking the provided link.
How the Scam Operates
The phishing attack begins when the target receives an official-looking “Interview Invitation” email from the supposed Netflix HR team. The email contains a “Schedule Interview” button that directs victims to a fraudulent career site designed to mimic Netflix’s official recruitment page.
A simple domain check reveals the deception, but the site’s professional design can easily fool unsuspecting users. Once on the page, victims are prompted to create a “Career Profile” and are offered two login options: using Facebook or using an email address.
Regardless of the option chosen, the next page forces a Facebook login—a deliberate trap to harvest credentials.
Advanced Credential Theft Using Websockets
What sets this campaign apart is its real-time credential harvesting technique. According to a Malware Intelligence Researcher, the fake Facebook login page holds an open WebSocket connection to the attackers' server and relays the entered details the instant they are submitted, rather than storing them for later collection.
As soon as the victim clicks “Log In”, the credentials arrive live at the attackers' end, allowing them to sign in to the real Facebook account within seconds. If the password entered is incorrect, the attackers can immediately have the page ask the victim to try again. If multi-factor authentication (MFA) is enabled, they can have the page prompt the victim for the one-time code as well and use it to complete the account takeover.
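The live-relay technique described above leaves structural traces in the phishing page itself: a password field, a WebSocket opened from that page, and a connection target outside the page's own domain. The following Python script is an added example written for this article, not code from Hackread or from the researcher's report; it scans a captured login page for those indicators. The page URL, the `.example` hostnames and the embedded HTML are constructed sample input, and the relay script itself is deliberately omitted so that only the indicators a defender looks for remain.

```python
import re
from urllib.parse import urlparse

# Constructed sample page, not a capture from the campaign: a "Facebook" login
# form on a lookalike careers host that also opens a WebSocket to a third party.
# The credential-relay logic is omitted on purpose; only the indicators remain.
SAMPLE_PAGE_URL = "https://netflix-careers.example/career-profile/login"
SAMPLE_PAGE = """
<html><head><title>Log in with Facebook</title></head><body>
<form id="login" method="post" action="/career-profile/login">
  <input name="email" type="text">
  <input name="pass" type="password">
  <button type="submit">Log In</button>
</form>
<script>
  var ws = new WebSocket("wss://relay.attacker-placeholder.example/session");
</script>
</body></html>
"""

WS_RE = re.compile(r"""new\s+WebSocket\s*\(\s*["']([^"']+)["']""", re.IGNORECASE)
FORM_ACTION_RE = re.compile(r"""<form[^>]*\baction\s*=\s*["']([^"']*)["']""", re.IGNORECASE)
PASSWORD_RE = re.compile(r"""<input[^>]*\btype\s*=\s*["']password["']""", re.IGNORECASE)


def registrable_domain(hostname):
    """Last two DNS labels, an eTLD+1 approximation. Production code should
    consult the Public Suffix List so names like example.co.uk split correctly."""
    return ".".join(hostname.lower().rstrip(".").split(".")[-2:])


def analyse_login_page(page_url, html, impersonated_brand="facebook",
                       brand_domains=frozenset({"facebook.com"})):
    """Score a captured login page for live credential-relay indicators.

    Returns {'risk': 'high'|'medium'|'low', 'findings': [str, ...]}.
    Indicators checked:
      * a password form that mentions the brand but is served from a domain
        the brand does not own;
      * any WebSocket opened from a page that collects a password;
      * a WebSocket or form target whose domain differs from the page's own.
    """
    page_host = urlparse(page_url).hostname or ""
    page_base = registrable_domain(page_host)
    has_password = PASSWORD_RE.search(html) is not None
    ws_urls = WS_RE.findall(html)
    findings = []

    if has_password and impersonated_brand in html.lower() and page_base not in brand_domains:
        findings.append(f"'{impersonated_brand}' login form served from {page_host}, "
                        f"which is not a {impersonated_brand} domain")

    if has_password and ws_urls:
        findings.append("password field on a page that opens a WebSocket: "
                        "possible live credential relay")

    for ws_url in ws_urls:
        ws_host = urlparse(ws_url).hostname or ""
        if ws_host and registrable_domain(ws_host) != page_base:
            findings.append(f"WebSocket to third-party host {ws_host}")

    for action in FORM_ACTION_RE.findall(html):
        target = urlparse(action).hostname or ""
        if target and registrable_domain(target) not in (page_base, *brand_domains):
            findings.append(f"credential form posts to third-party host {target}")

    risk = "high" if len(findings) >= 2 else "medium" if findings else "low"
    return {"risk": risk, "findings": findings}


if __name__ == "__main__":
    report = analyse_login_page(SAMPLE_PAGE_URL, SAMPLE_PAGE)
    print(report["risk"])
    for finding in report["findings"]:
        print(" -", finding)
```

The regexes are intentionally simple; a page that builds its WebSocket URL at runtime or obfuscates its script will evade them, so treat this as a triage aid for captured phishing kits, not as a complete detector.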
Why Corporate Facebook Accounts Are the Real Target
The ultimate goal of the scam is not limited to personal accounts. Many marketing and social media professionals have administrative access to corporate Facebook Business accounts. By hijacking these, cybercriminals can:
- Launch malicious ad campaigns
- Demand a ransom to restore access
- Exploit the company’s brand to run further scams
- Damage the organisation’s reputation
Staying Safe from Job Offer Phishing Scams
Security experts warn job seekers to be especially cautious about unsolicited job offers, even from well-known brands like Netflix. To stay protected:
- Verify email senders and avoid clicking suspicious links
- Check website URLs before entering login credentials
- Use multi-factor authentication on all accounts
- Keep security software updated on all devices
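The article notes that a simple domain check reveals the fake career site, and the advice above asks readers to check the URL before entering credentials. The Python function below is an added example written for this article, not code from Hackread; it performs that check for a URL that is asking for a login. The legitimate-domain list and the `.example` hostnames are assumptions constructed for the demonstration, and the function goes slightly beyond the article by also flagging two common URL tricks, a hostname hidden behind an `@` and punycode labels.

```python
from urllib.parse import urlparse

# Domains the real brand owns (assumed for this example; a deployment would
# maintain this list from a verified source rather than hard-coding it).
LEGITIMATE_DOMAINS = frozenset({"netflix.com"})
BRAND = "netflix"


def registrable_domain(hostname):
    """Last two DNS labels, an eTLD+1 approximation. Production code should
    consult the Public Suffix List so names like example.co.uk split correctly."""
    return ".".join(hostname.lower().rstrip(".").split(".")[-2:])


def check_login_url(url, legit_domains=LEGITIMATE_DOMAINS, brand=BRAND):
    """Classify a URL that wants credentials.

    Returns {'verdict': 'legitimate' | 'lookalike' | 'unrelated',
             'host': <hostname actually connected to>, 'reasons': [...]}.
    'lookalike' means the brand name appears in the hostname but the
    registrable domain is not one the brand owns, e.g. netflix-careers.example
    or netflix.com.evil.example.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    reasons = []

    if parsed.scheme != "https":
        reasons.append("not served over HTTPS")
    if parsed.username is not None:
        # https://jobs.netflix.com@evil.example/ : everything before '@' is
        # userinfo; the browser connects to the host after it.
        reasons.append("userinfo before '@' hides the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label; possible homoglyph domain")

    base = registrable_domain(host)
    if base in legit_domains:
        verdict = "legitimate"
    elif brand in host:
        verdict = "lookalike"
        reasons.append(f"'{brand}' appears in hostname but domain is {base}")
    else:
        verdict = "unrelated"
        reasons.append(f"domain {base} is not a {brand} domain")
    return {"verdict": verdict, "host": host, "reasons": reasons}


if __name__ == "__main__":
    # Constructed URLs for demonstration; none are from the campaign.
    for sample in ("https://jobs.netflix.com/apply",
                   "https://netflix-careers.example/login",
                   "https://netflix.com.evil.example/",
                   "https://jobs.netflix.com@evil.example/login"):
        result = check_login_url(sample)
        print(f"{result['verdict']:10} {result['host']:28} {'; '.join(result['reasons'])}")
```

The check deliberately keys on the registrable domain rather than on whether the brand name appears anywhere in the URL, because the latter is exactly what a lookalike careers site relies on.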
This case highlights the growing intersection of job scams, AI-generated social engineering, and targeted corporate account attacks, signaling the need for increased awareness among professionals handling brand-sensitive assets.