Search TorWire

Find cybersecurity guides and research articles

Home > News > Cybersecurity > Hackers Impersonate Global Brands in Job Scam Targeting Marketing Professionals

Hackers Impersonate Global Brands in Job Scam Targeting Marketing Professionals

By: Jordan Vector Cybersecurity Expert

Last updated: July 8, 2026

Human Written
Hackers Impersonate Global Brands in Job Scam Targeting Marketing Professionals
  • Online crooks are pretending to be hiring agents from over thirty famous global brands to trick marketing professionals.

  • The thieves send links that bounce through real business platforms before trapping users on websites that steal passwords.

  • The scam uses a clever trick where basic website code draws a fake Google login box to capture secret passwords.

Digital fraudsters are pretending to be major global companies to run a smart online trick. They send fake messages about exciting job openings to steal private login passwords from workers who handle business advertising. This bad campaign copies more than thirty famous brand names that people see and use every single day.

The online thieves are utilizing completely real worker management systems and email marketing services to hide their dirty tracks. By bouncing their web links through these trustworthy business platforms, they successfully confuse computer safety guards. Once the target clicks the link, it sends them straight to a dangerous fake website designed to trap them.

To make their lies look extra convincing, the criminals copy the actual names and pictures of real hiring managers. Job seekers see a real person’s face and believe the invitation is completely safe.

A smart computer safety helper and senior advisor at Team Cymru, uncovered this entire setup after noticing how many fake web locations the gang made.

Famous Brand Names Copied to Deceive Professional Workers

The digital investigator looked into this trick and saw that the fake emails look like they come from hiring staff. The note usually asks the advertising worker to talk about a potential opening at a massive firm. The people running this scheme have built at least thirty-four unique fake web addresses to mimic popular corporations.

The group copies popular travel and flight firms like American Airlines, Booking.com, Delta Air Lines, and United Airlines. They also impersonate food and beverage companies like Coca-Cola, PepsiCo, Red Bull. For those who love luxury experiences, there are also fake brands for companies such as Adidas, Louis Vuitton, Sephora, and Levis.

Impersonation is a common tactic, hackers have also been using Microsoft Teams to pose as IT staff in a new malware campaign.

The trap even includes massive technical and advisory groups like Adobe, Aquent, ManpowerGroup, McKinsey & Company, and OpenAI. Hotel and entertainment brands are not safe either, since the thieves fake Marriott, Omnicom Group, FIFA, and Netflix. This wide choice of famous names makes it highly likely that a job seeker will fall for the fake offer.

The specialized researcher discovered that this trick works by using a long chain of hidden jumps. The email appears to come from a real human resources platform helper program called PeopleForce. However, the secret links buried inside the letter send the user to an electronic path of Salesforce Marketing Cloud service. 

This pathway uses a web area called exct.net, which belongs to a major cloud service that handles advertising emails. From there, the link takes another jump into a real estate customer tool called Wise Agent. Finally, after all these confusing bounces, the worker arrives at the malicious web location built by the thieves.

News reports reveal that this harmful trick has been running quietly for at least five full months. Initially, the online robbers sent their harmful letters from normal Outlook accounts that simply carried the copied company name. They have since refined their tactics to look far more official than before.

Fake Login Boxes Made with Code to Steal Passwords

One real example of this attack involved a message that copied the identity of a real employee from Adidas. The note asked the target person to pick a time on a digital calendar to talk about a job. When the victim clicked on the scheduling link, they went to a fake site called adidas-hiring.com.

To secure the meeting time, the fake page asks the job hunter to log into their Google account. If the person hits the sign-in button, a tiny square window pops up on the computer screen. This box looks identical to the official password screen that people trust every day.

The safety expert explained that this pop-up window is completely fake and made entirely of basic website styling code. This sneaky trick is what professionals call a browser-in-the-browser setup. The thieves use modern code to draw a perfect replica of a safe page, but anything typed goes straight to the criminals.

No one knows exactly how the thieves managed to use the official business email platforms for their scheme. It does not mean the official platforms were broken or hacked from the inside. The bad guys probably just paid for normal accounts or used stolen business logins to set up the link chain.

Share this article

About the Author

Jordan Vector

Jordan Vector

Cybersecurity Expert

Jordan is a security researcher and advocate who focuses on making privacy practical. Whether he's explaining how to harden a browser or reporting on the latest surveillance disclosures, his goal is to equip readers with knowledge they can use immediately. Jordan believes that true security begins with understanding the digital landscape.

Comments (0)

No comments.