Looking for a job? It could be a scam NordVPN uncovers phishing campaign impersonating top brands' recruiters

Date:
Wed, 01 Apr 2026 14:49:31 +0000

Description:
Cybercriminals are impersonating top brands like Meta, Disney, and Spotify in a highly sophisticated new phishing campaign designed to hijack your Facebook account. Here is everything you need to know to stay safe.

FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Get daily insight, inspiration and deals in your inbox Sign up for breaking news, reviews, opinion, top tech deals, and more. Become a Member in Seconds Unlock instant access to exclusive member
features. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting
your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are now subscribed Your newsletter sign-up was successful Join the club Get full access to premium articles, exclusive features and a growing list of member rewards. Explore An account already exists for this email address, please log in. Subscribe to our newsletter NordVPN researchers uncovered a massive recruitment phishing scam Scammers impersonate top global employers like Meta, Disney, Spotify Hackers use fake job portals to steal job seekers' Facebook login credentials The job market
is tough enough without having to dodge cybercriminals. But according to new research from NordVPN , hackers are now impersonating recruiters from some of the world's biggest brands to hijack the social media accounts of
unsuspecting job seekers.

The cybersecurity firms Threat Intelligence unit has exposed a highly sophisticated phishing campaign that weaponizes the names of major employers, including Meta, Disney, Coca-Cola, and Spotify. Rather than stealing your money outright, the operation is designed to quietly harvest your Facebook credentials. By deploying polished recruitment emails, hidden "HUB" domains, and incredibly realistic job portals, attackers are tricking applicants into handing over the keys to their digital lives. With social media accounts
often linked to other sensitive apps and services, a compromised Facebook login can quickly spiral into a devastating privacy breach. You may like 'Simple but dangerous Top VPNs targeted by typosquatting as 14% of fake domains found to be malicious 'Cybercriminals are industrializing deception': new report reveals how major global cybercrime syndicates have infiltrated trusted domains with millions now at risk - here's what you need to know NordVPNs new tool helps you spot online scams and its free for everyone

If you want to protect your personal data while applying for roles online, using one of the best VPN services with built-in anti-malware and malicious tracker blocking is a smart first step. However, staying completely safe from targeted phishing requires a deeper understanding of how these multi-stage scams actually work. NordVPN: up to $50 of Amazon gift cards with 2-year
plans If you are not a journalist or activist, good news NordVPN is
currently offering a fan-favorite deal to celebrate its 14th anniversary. While its prices haven't been reduced this time round, grabbing a NordVPN
deal gives you the chance to get free Amazon gift vouchers on all its non-Basic plans. With any of these plans, you'll get: Threat Protection Pro NordPass password management Data breach scanning 10 simultaneous connections Super-quick VPN connections To get the maximum value gift voucher, you'll need to get the most expensive NordVPN plans. Remember, though, it's only worth upgrading to plans that offer features you think you'll actually use. View Deal From fake job offer to full account hijack The campaign kicks off with a professional-looking cold email, often sent via legitimate platforms like Google AppSheet to slip past standard spam filters.

These messages feature clean grammar and target victims whose contact details were likely scraped from platforms like LinkedIn or exposed in previous data breaches. (Image credit: NordVPN) Clicking the email link takes victims to a "HUB" domain (such as careers.meta-findyourjob[.]com ).

Interestingly, NordVPN found that these sites feature a clever built-in evasion tactic. If a security scanner or an analyst visits the URL directly, they only see a blank, harmless webpage. The malicious "Search for a job" button only activates when the site is triggered by a unique referral link embedded in the original phishing email.

Once the victim clicks through, they land on an intermediate site that flawlessly mimics a legitimate corporate job board. Researchers identified several fake portals, including connect.spotifycareerapply[.]com for Spotify and jobquest.wdcfuturesteps[.]com for Disney. (Image credit: NordVPN) The
trap finally closes when the applicant clicks "Apply." Instead of a standard application form, they are met with a prompt demanding they log in via Facebook to proceed. This fake login page captures the victims username and password, handing the attackers total control over the account. What to read next TikTok for Business accounts targeted in phishing campaign here's how
to stay safe Ever heard of 'quishing'? NordVPN warns the future of scams lies in QR codes and shares some tips on how to stay safe Hackers hijack LinkedIn comments to spread malware - here's what to look out for

Domininkas Virbickas, product director at NordVPN, explains that job seekers are "uniquely vulnerable" to these types of attacks. That's because they are already in a mindset where sharing personal data and following instructions from unknown contacts is the normal process to land an interview.

"Such campaigns take advantage of that trust using polished communications
and convincing fake career portals that are nearly indistinguishable from the real thing," said Virbickas. How to stay safe during your job hunt This campaign proves that cybercriminals are constantly finding new ways to weaponize professional contexts to bypass our natural skepticism. Because
this attack flow so closely mimics a real corporate hiring process, even cautious internet users can be caught off guard.

To protect yourself, NordVPN recommends making a habit of verifying the URL before entering any personal data. Legitimate mega-brands will always host their career pages on official, recognizable domains, not unusual third-party links.

The same rule applies to social login prompts. A genuine "Log in with Facebook" button will always securely redirect you to the official facebook.com domain. If the URL bar shows anything else, close the tab immediately.

If you still have doubts, I recommend running the link through NordVPN's URL checking tool or similar software. It's completely free to use for anyone, even those who don't have an active NordVPN subscription.

Finally, NordVPN suggests always activating two-factor authentication (2FA) across your social media profiles. Even if a sophisticated phishing page manages to steal your password, 2FA serves as a vital safety net that blocks attackers from accessing your account. Today's best NordVPN deals NordVPN 2 Year 2.59 /mth View at NordVPN NordVPN 1 year 3.79 /mth View at NordVPN NordVPN 1 Month 9.69 /mth View at NordVPN Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!



======================================================================
Link to news story: https://www.techradar.com/vpn/vpn-privacy-security/looking-for-a-job-it-could- be-a-scam-nordvpn-uncovers-phishing-campaign-impersonating-top-brands-recruite rs


--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)