Boss too tough? Salary too low? If you're after a new gig, look no further 💼

We’re tracking a recruitment‑themed phishing campaign that opens with hope of a career upgrade and ends in stolen credentials.

Victims are targeted through emails spammed out by “recruiters” impersonating real people — LinkedIn profiles copied in full, including photos and current recruiter identities. The lure leans on exciting big‑name brands including FIFA, UEFA, Nike and Spotify to anchor legitimacy before prompting victims to schedule an interview using a bogus Calendly page 👔 💫

About time they noticed your stellar performance, right? But this interview comes with a catch 🎣 To seal the deal, you'll need to log in with your company email.

The mechanics:
• Initial outreach primes the role and rapport with some feel-good shmoozing
• Link to schedule your interview lands on a cloned Calendly recruitment portal
• Follow‑on contact nudges the victim through staged redirects
• Your credentials submit their 30-day notice ⚠️

Behind the scenes:
• Convincing lookalike domains generated at scale (RDGAs), rotated aggressively
• Layered redirect chains to blur origin and intent
• Compromised or fraudulently obtained Salesforce Marketing Cloud used for delivery, helping mails sail past controls
• Lure pages clone the Pinpoint ATS — attribution supported by Pinpoint’s own Cloudinary account ID (pinpointhq) embedded in assets
• Domain validation logic limits logins to business email providers, excluding free webmail services

Sad to say, the only thing getting “shortlisted” here is your inbox for another round of credential theft.

IOCs
• brand-jobs[.]com
• brand-careers[.]com
• hr-brand[.]com
• brand-talenthub[.]com

These campaigns remain active, with the actor spinning up new lures impersonating other major brands. We regret to inform you, it seems they'll be moving forward with other candidates 😩

Better luck next time.

#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #phishing

#deepfakes #cybercrime

https://arstechnica.com/tech-policy/2026/05/fbi-easily-nabs-man-selling-sexy-deepfakes-who-used-his-own-photo-in-profile/

Parents demand ’emotional’ Starmer bans social media for kids before ‘more lives lost’

https://fed.brid.gy/r/https://metro.co.uk/2026/05/26/parents-demand-emotional-starmer-bans-social-media-kids-more-lives-lost-28524555/

Darknet Diaries Deutsch: Kids ohne Skrupel - Teil 2

Drew fängt an, Namen zu nennen und irrsinnige Methoden zu enthüllen, mit denen in Untergrund-Communities richtig viel Geld gemacht wird.

https://www.heise.de/news/Darknet-Diaries-Deutsch-Kids-ohne-Skrupel-Teil-2-11269283.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Kriminalität #Cybercrime #Darknet #DarknetDiaries #IdentityManagement #Journal #news

#Netherlands seizes 800 servers of hosting firm enabling cyberattacks

https://www.bleepingcomputer.com/news/security/netherlands-seizes-800-servers-of-hosting-firm-enabling-cyberattacks/

#FIOD #cybercrime #StarkIndustries #cybersecurity #cyberattack

Former US execs plead guilty to aiding tech support scammers

https://www.bleepingcomputer.com/news/security/former-us-execs-plead-guilty-to-aiding-tech-support-scammers/

#scam #privacy #TechSupportScam #TechSupport #cybercrime

7-Eleven data breach affects over 185,000 people's personal data

https://techcrunch.com/2026/05/26/7-eleven-data-breach-affects-over-185000-peoples-personal-data/

#Security #DataBreach #Cybercrime

Phishing Trends: February 2026 – April 2026

We observed decreases in overall phishing attacks reported, unique domain names reported for phishing, and phishing attacks hosted at free or cheap web site services. But not all good news. Other stories:

Weed Prevention Fails in .GARDEN

Small TLDs Under Siege

Spaceship Takes Off… But Not in a Good Way

Cloudflare Is King of a Reshuffled Top 20 Mountain

Ball of Confusion?

https://lnkd.in/e8bigV_P

#phishing #fraud #cybercrime #fakesites #cybersecurity