Scammers are impersonating hiring managers at major tech companies like Netflix, OpenAI, and FIFA to trick job seekers into surrendering their Google credentials and other sensitive personal information.

The scheme works like this. Fraudsters send convincing job offer emails posing as recruiters from well-known firms. The messages look legitimate, using company logos and professional language. They direct candidates to click links or fill out forms that harvest login credentials, often for Gmail, LinkedIn, or company email systems.

Once criminals access your Google account, they gain entry to connected services. They can reset passwords on other accounts, access saved payment methods, monitor your contacts, and steal financial information stored in Google Drive or Gmail. Your entire digital life becomes vulnerable.

The scam targets job seekers actively applying for positions. These candidates are primed to expect communications from major employers, making them less likely to question suspicious emails. The criminals rely on this urgency and excitement to bypass your normal skepticism.

Protect yourself with these steps. Never click links in unsolicited job offer emails. Instead, navigate directly to the company's official career website and log in independently to verify any job posting. Legitimate recruiters won't ask for passwords during initial contact. Use two-factor authentication on your Google account and other critical services. Review your Google account's security settings regularly. Check which apps have permission to access your Google account and revoke access to anything unfamiliar.

If you receive a suspicious job offer, report it to the Federal Trade Commission at reportfraud.ftc.gov. You can also alert the company being impersonated through their official contact channels.

Job scams have exploded as remote work normalizes hiring processes. The FTC received over 1 million fraud reports in 2023, with employment scams representing a growing subset. Staying vigilant about email sources and protecting your login credentials remains your strongest defense against