PHISHING campaigns impersonating Coca-Cola and Ferrari are being used to trap job seekers’ credentials, with Malwarebytes describing two polished campaigns that go beyond a simple fake login page. The Coca‑Cola scam starts on a Calendly scheduling page, then presents a fake Chrome login window that asks for a password and two‑factor codes, relaying inputs to an attacker‑controlled backend and adapting the prompts for MFA in real time.
The Ferrari campaign uses a faux corporate career portal that ushers victims to log in with Facebook via an OAuth flow. The researchers note the broader context of a tight job market, where more than 1.17 million workers were laid off in 2025—the most since the pandemic—and unemployment hit a four‑year high of 4.5% in November 2025; early 2026 data show the rate hovering around 4.3 to 4.4%.
The piece warns that legitimate hiring processes will never require authentication through unfamiliar pages, and it highlights the risk to corporate Google Workspace accounts and broader risks from compromised social accounts. The article, published on 3 April 2026, stresses vigilance for unsolicited offers and suspicious booking links. according to the FTC.