New Phishing Wave Targets Gmail Users, Posing as Google Careers
A new wave of phishing attacks is targeting both enterprise and personal Gmail users, with a significant increase in reported incidents. The campaign, which began in September 2025, poses as Google Careers recruiters and has already caused unauthorized access attempts and privacy breaches.

The attackers, whose identity remains unknown, use spoofed Salesforce subdomains and Cloudflare protection to make their emails appear legitimate. The phishing emails direct victims to a convincing fake job description page on a Google domain. Once compromised, accounts send further phishing messages, expanding the campaign's reach.

The phishing kit employs obfuscated JavaScript and dynamic domains, rotating weekly and using domain shadowing to evade takedowns. Attackers use professional-looking emails with corporate logos and personalized greetings to increase the likelihood of success. The phishing page uses a JavaScript listener to intercept form submissions and exfiltrate stolen Gmail credentials to the attacker's server. After a successful credential theft, victims are redirected to the legitimate Gmail sign-in page to avoid suspicion.

Organizations using Google Workspace and personal Gmail users are urged to be vigilant. Always verify the sender's address and look for signs of legitimacy before clicking on links or entering credentials. Google is working to combat this campaign and protect users.
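
The advice to verify the sender's address can be automated at a mail gateway or in triage. The following is an added example, not code from the campaign or from Google: it flags messages whose display name claims Google while the address, Reply-To or DMARC result says otherwise. The trusted-domain list, finding names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the only domain accepted as a genuine Google sender here.
TRUSTED_DOMAINS = {"google.com"}
BRAND = "google"

def is_trusted(domain):
    """True only for a trusted domain or a real subdomain of one."""
    domain = domain.lower().rstrip(".")
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)

def check_sender(raw_message):
    """Return a list of findings for one RFC 5322 message given as text."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # Display name claims the brand, but the address is not on a trusted domain.
    if BRAND in display.lower() and not is_trusted(domain):
        findings.append("brand-in-display-name-untrusted-domain")
    # Replies would go to a different domain than the visible sender.
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_domain and reply_domain != domain:
        findings.append("reply-to-domain-differs")
    # The receiving server did not record a DMARC pass for this message.
    if "dmarc=pass" not in msg.get("Authentication-Results", "").lower():
        findings.append("dmarc-not-pass")
    return findings

# Constructed sample messages (not taken from the campaign).
LOOKALIKE = "\n".join([
    "From: Google Careers <recruiter@google.com.hiring.example>",
    "Reply-To: talent@mailbox.example",
    "Authentication-Results: mx.example; spf=pass; dmarc=fail",
    "Subject: Role at Google",
    "", "Hello, please review the job description.",
])
GENUINE = "\n".join([
    "From: Google Careers <careers@google.com>",
    "Authentication-Results: mx.example; spf=pass; dkim=pass; dmarc=pass",
    "Subject: Your application",
    "", "Thank you for applying.",
])

if __name__ == "__main__":
    for name, raw in (("lookalike", LOOKALIKE), ("genuine", GENUINE)):
        print(name, check_sender(raw))
```

A message sent onward from an already compromised account would pass all three checks, so this covers only the initial spoofed-sender lure.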