Threat actors are running a phishing campaign targeting marketing professionals through fake job listings bearing the names of major brands. The scam uses sophisticated evasion techniques including nested redirects to bypass security filters and harvest Google account credentials.

The campaign impersonates well-known companies to create false urgency around lucrative job opportunities. Victims receive emails appearing legitimate, only to be directed through multiple redirect chains that obscure the malicious destination. This layering prevents security tools from easily flagging the endpoint as malicious.

Marketing professionals face particular risk because recruitment-related emails blend naturally into their inbox traffic. Job seekers actively monitoring opportunities are more likely to click links without full verification. Once victims land on a credential harvesting page, attackers capture Google account credentials, giving them access to corporate email systems, cloud storage, and connected applications.

The nested redirect technique represents an escalation in phishing sophistication. Rather than directing users directly to a fake login page, attackers route traffic through multiple legitimate-looking intermediate pages. Each redirect adds obfuscation that makes URL analysis and threat detection harder for security gateways and email filters.

Organizations relying on Google Workspace face elevated risk. Compromised accounts provide attackers with foothold access to collaborate platforms, shared drives, and email archives. From there, threat actors can conduct reconnaissance, move laterally to other systems, or launch internal spear-phishing campaigns targeting other employees.

Defense requires multiple layers. Organizations should enforce strong authentication through mandatory multi-factor authentication on all Google accounts, particularly for marketing and communications teams who handle sensitive brand information. Email security tools should be tuned to detect credential harvesting pages and redirect chains, though evasion tactics will continue evolving.

Individual users should verify job opportunities through official company career pages rather than email links alone. Hovering over links before clicking reveals the actual destination URL. Google accounts with 2FA enabled provide a critical security