That Dream Job Offer From Coca-Cola or Ferrari? It’s a Trap for Your Passwords

The U.S. labor market’s turbulence—over 1.17 million layoffs in 2025 and unemployment near a four‑year high—has created a fertile hunting ground for credential‑stealing scams. Cybercriminals now weaponize coveted brand names like Coca‑Cola and Ferrari, embedding malicious links in unsolicited interview invitations. By exploiting job seekers’ urgency, these campaigns achieve higher click‑through rates than generic phishing, dramatically expanding the pool of potential victims and driving FTC‑reported losses to more than $500 million in 2024.

The Coca‑Cola operation illustrates a new level of technical sophistication. After a victim submits a Calendly‑style form, the site renders a simulated Chrome window that appears to be a legitimate Google sign‑in page. Behind the scenes, the kit forwards the entered credentials to an attacker‑controlled server, then polls that server for the appropriate MFA challenge—whether email code, authenticator token, SMS, or phone prompt—and presents a matching fake prompt. This real‑time relay lets the attacker complete the full login flow within seconds, effectively neutralizing two‑factor protections and granting immediate access to corporate Google Workspace accounts, which can contain sensitive emails, documents, and internal tools.

Beyond the immediate credential theft, these attacks pose broader enterprise risks. Compromised work accounts can be leveraged for lateral movement, spear‑phishing of colleagues, and exfiltration of proprietary data, amplifying the financial and reputational impact on affected companies. Organizations should reinforce security training that emphasizes verification of recruiter identities, avoidance of credential entry on scheduling pages, and the use of password‑less authentication methods. Additionally, deploying anti‑phishing browser extensions and monitoring for anomalous MFA requests can help detect and block these advanced credential‑harvesting kits before they cause damage.