Phishing Campaign Targets Marketing Professionals with Fake Netflix Job Offers


A newly uncovered phishing operation is targeting marketing and social media professionals by impersonating Netflix recruiters, with the ultimate goal of hijacking access to company-managed Facebook business accounts. The campaign, identified by cybersecurity firm Malwarebytes, relies on convincing emails and fake job offers to lure victims into disclosing their login credentials.

The phishing emails are crafted to appear as legitimate outreach from Netflix’s HR team, offering senior-level marketing roles such as “Vice President of Marketing” or “Director of Social Media.” Malwarebytes notes that the attackers appear to have conducted extensive research beforehand, tailoring their approach to the professional background of each recipient. The messages are written to flatter recipients, often referencing their professional accomplishments to add credibility.

Once a target engages with the email, they are directed to a fraudulent website that mimics Netflix’s careers page. The site prompts users to create a “Career Profile,” offering the option to log in via Facebook—a common and seemingly harmless feature. However, this login method is central to the attack.

The fake login interface is designed to capture Facebook business credentials in real time. Victims who enter their information are shown a false “incorrect password” message, but behind the scenes their credentials have already been relayed to the attackers. Because the relay uses a websocket connection, the scammers can log in to the victim's Facebook account within seconds, and if multi-factor authentication (MFA) is enabled they prompt the victim for the MFA code as well, so a one-time code offers little protection here.

Access to Facebook business accounts gives attackers a range of options: they can publish malicious ads using company funds, demand ransom in exchange for account recovery, or use the brand’s identity to spread further scams.

To protect against such threats, experts advise caution with unsolicited job offers, especially those that ask for social media logins. Users should verify URLs before clicking, inspect sender email addresses for discrepancies between the displayed name and the actual sending domain, and avoid entering credentials into unfamiliar websites. Organizations are also encouraged to enable MFA, train employees on phishing awareness, and keep security software up to date.
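The sender and URL checks recommended above can be automated at the mail gateway or in a triage script. The example below is added here and is not code from Malwarebytes or the article; the allow-list of genuine Netflix domains and the sample phishing message (with `.example` placeholder domains) are constructed assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list: the only domains a genuine Netflix recruiting mail or
# careers link should use. Adjust to the brands your organisation is targeted with.
LEGIT_DOMAINS = {"netflix.com", "jobs.netflix.com"}
BRAND_WORDS = ("netflix",)


def _domain_ok(host: str) -> bool:
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def check_recruiting_email(raw: str) -> list[str]:
    """Return findings for a raw RFC 822 message; an empty list means nothing suspicious."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    # Display name or subject invokes the brand while the envelope domain does not match.
    claims_brand = any(w in (display + " " + msg.get("Subject", "")).lower() for w in BRAND_WORDS)
    if claims_brand and not _domain_ok(sender_domain):
        findings.append(f"claims Netflix but sender domain is {sender_domain!r}")
    # Reply-To pointing somewhere other than the sender is a common recruiter-scam tell.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rsplit("@", 1)[-1].lower() != sender_domain:
        findings.append(f"Reply-To domain {reply_to.rsplit('@', 1)[-1]!r} differs from sender domain")
    # Every link in the body must land on an allow-listed host; brand words in a
    # non-allow-listed host indicate a lookalike careers page.
    body = "" if msg.is_multipart() else msg.get_payload(decode=True).decode(errors="replace")
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        if not _domain_ok(host):
            tag = "lookalike" if any(w in host for w in BRAND_WORDS) else "non-Netflix"
            findings.append(f"{tag} link host {host!r}")
    return findings


# Constructed sample modelled on the campaign described above (placeholder domains).
SAMPLE_PHISH = """From: Netflix Talent Team <talent@netflix-careers.example>
Reply-To: recruiter@mail.example
Subject: Netflix - Vice President of Marketing opportunity
Content-Type: text/plain

Hi, we loved your recent campaign work. Create your Career Profile here:
https://careers.netflix-careers.example/profile?login=facebook
"""
```

Running `check_recruiting_email(SAMPLE_PHISH)` yields three findings (mismatched sender domain, divergent Reply-To, lookalike link host), while a message from `netflix.com` linking only to `jobs.netflix.com` yields none.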