Threat Alert: Job Lure Phish

• Threat actors are impersonating job recruiters at well-known organizations to lead to Facebook credential phishing.
• URLs in the email message body contain references to impersonated brands, further legitimizing the campaign.
• The campaign targets job seekers, who might be more willing to share detailed personal information for a prestigious job opportunity.

How is it used in the wild?

• This campaign uses Ferrari job recruitment themes to gain access to Facebook accounts.
• Threat actors legitimize this attack by impersonating Ferrari’s recruitment process through multiple spoofed sender identities (including Ferrari Digital Team, Ferrari Recruitment Team, Ferrari Talent Acquisition).
• They create convincing job opportunity lures specifically for a "Social Media Manager" position and use Ferrari branding throughout to convince the recipient of their legitimacy.
• They also use multiple legitimate-looking domain names that combine "Ferrari" with recruitment-related terms (ferrari-career.com, ferrari-careers.com, ferrari-recruits.com).
  

Key Action: Stay Alert!

• Monitor and protect brand names: Organizations should report fraudulent domains and social media accounts impersonating them and proactively register similar domains.
• Maintain clear communication on recruitment processes: Establish an official careers page and communicate that all legitimate job postings will only appear there, not on Facebook or social media.
• Research the company's actual hiring practices and official communication channels: Individuals should verify job opportunities through official websites and career pages, and double-check email sender addresses and domain names carefully.
• Report ANY suspicious emails via Phish Alarm.