{“lastseen”:”2025-08-14T14:04:09″,”description”:”In what seems a phishing attack targeted at a certain audience, scammers are impersonating Netflix and reaching out to marketing staff.\\n\\nThe initial mail looks like what you might expect from a headhunter or a human resources (HR) recruitment specialist.\\n\\n\\”I hope this note finds you well,\\” the email begins. \\”Your reputation as a visionary marketing leader has caught out attention, and I’d like to share an extraordinary opportunity with you at Netflix.\\”\\n\\n\\n\\nUndoubtedly this email is crafted by AI and based on real-life examples. The role offered in the email as VP of Marketing would be a fitting role for the person that received this email, so it looks as if the scammers have done their research before reaching out.\\n\\nReplying to the initial mail\u2014which is not recommended, unless you like letting scammers know you exist and encouraging them to send you more phishes\u2014got us one step closer to landing the exciting new job at Netflix.\\n\\nWe received an invitation to set up an interview with the ‘Netflix HR team’. \\n\\n\\n\\n\\nFollowing the link under \\”Schedule Interview\\” gets us a block by Malwarebytes web protection.\\n\\n![Malwarebytes blocks hiring.growwithusnetflx\\\\[.\\\\]com](https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2025\/08\/growwithusnetflixcomblock.png)\\n\\nAgain, not something we would want our readers to do but in the interest of learning more about the scam, we bypass that block and proceed to the website. \\n\\nWe find that there are 20 openings, all more or less in the same fields of social media and marketing.\\n\\n\\n\\nThe website itself is a mix of content copied from the actual Netflix site and of the phishing campaign.\\n\\nBack to scheduling our interview. We’re given an option to choose our interview slot:\\n\\n\\n\\nRegardless of which of the two buttons you use on the screen, you\u2019ll be asked to sign in to your existing \u201cCareer Profile\u201d or create a new one.\\n\\n\\n\\nAt this stage, all red flags should go up. It doesn\u2019t matter if you choose \u201cContinue with Facebook\u201d or whether you enter your email and click \u201cContinue with Email\u201d the next screen will ask you to sign in to your Facebook account.\\n\\nThe only difference is that the second option fills out your email in the login screen.\\n\\n\\n\\nThat doesn\u2019t make a lot of sense\u2014Facebook is not known to keep track of your calendar. It does keep track of a lot of things, but your meeting schedule isn\u2019t one of them. Besides, if you look at the address bar, you\u2019ll see I\u2019m still at the fake Netflix site.\\n\\nHowever, it’s very normal practice to offer the option of logging in with Facebook on third party sites, so it would be understandable for the jobseeker to click that link.\\n\\nWhen you enter the credentials and click on \\”Log In\\”, it will take a while and then you\u2019ll be notified that \u201cThe password you\u2019ve entered is incorrect. Please try again!\u201d\\n\\nThis login page is also the part that makes this attack a very sophisticated one. The phishers use a websocket method that allows them to intercept submissions live as they are entered. This allows them to try the credentials and if your password works, they can log into your real Facebook account within seconds. They could potentially ask for multi-factor authentication (MFA) confirmation if that\u2019s necessary, too.\\n\\nImagine that the phisher can instantly see the credentials you submitted, tests them at the real Facebook login page, and subsequently sends you the appropriate response. (In my case \\”wrong password\\” since I had no intention of feeding them valid credentials.)\\n\\nYou’d have no idea that they were accessing your Facebook account and they’d have bought some time to log you out, spam your friends, or whatever else they wanted to do with your account.\\n\\nWe often see phishing campaigns like these that are explicitly designed to steal the credentials of marketing managers, social media staff, and especially those who have access to company Facebook Pages or business accounts.\\n\\nCompromising a business account can allow attackers to run malicious ads using the company’s payment methods, demand a ransom for return of control over the account, or use the company\u2019s reputation to spread more scams.\\n\\n## What to do\\n\\nIf you suspect your credentials may have been compromised, immediately change your passwords, enable multi-factor authentication, and notify your IT\/security team if you have one.\\n\\nYou can stay safe from these attacks by:\\n\\n * Be super cautious at engaging in job offers that you have not applied for.\\n * Carefully check the URLs, both in the email and on the website, before you click them (did you notice the missing \u201ci\u201d in the domain name?)\\n * Check if the address in the browser bar matches what you expect to see, along with the content of the website.\\n * Learn how to spot and recognize phishing attempts. Phishing mails are getting harder to identify now that cybercriminals are using Artificial Intelligence (AI).\\n * Keep your browser, your Operating System, and other software up to date.\\n * Use an up-to-date real-time anti-malware solution with web protection.\\n\\n\\n\\nSince the phishing campaign was hosted behind Cloudflare’s services, we have notified Netflix and Cloudflare about this campaign.\\n\\n* * *\\n\\n**We don\u2019t just report on threats\u2014we remove them**\\n\\nCybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.”,”published”:”2025-08-14T13:00:00″,”modified”:”2025-08-14T13:00:00″,”type”:”malwarebytes”,”title”:”Netflix scammers target jobseekers to trick them into handing over their Facebook logins”,”source”:””,”references”:””,”id”:”MALWAREBYTES:476B9CCC733C020CE9CD166B760F5BDA”,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.malwarebytes.com\/blog\/news\/2025\/08\/netflix-scammers-target-jobseekers-to-trick-them-into-handing-over-their-facebook-logins”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-08-14T14:04:09″,”description”:”In what seems a phishing attack targeted at a certain audience, scammers are impersonating Netflix and reaching out to marketing staff.\\n\\nThe initial mail looks like…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-12903","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n