Big Brand Jobs Scam Targets Marketing Pros' Google Accounts
New 'Big Brand' phishing campaign exploits marketing job seekers with nested redirects to hijack Google accounts and business infrastructure.

This article is original editorial commentary written with AI assistance, based on publicly available reporting by Dark Reading. It is reviewed for accuracy and clarity before publication. See the original source linked below.
A sophisticated new cybercriminal campaign is currently targeting marketing and creative professionals by impersonating recruiters from globally recognized brands. This operation, recently uncovered by security researchers, leverages the professional anxieties of job seekers to deploy a multi-stage phishing attack designed to hijack Google accounts. By masquerading as established entities, the attackers exploit the prestige of "big brand" employment to lower the target's defenses, moving beyond simple credential theft into deep infrastructure compromise.
This campaign is the latest evolution in a long history of recruitment-based social engineering. Historically, attackers favored basic email attachments or LinkedIn-based malware delivery. However, as enterprise security filters have improved, threat actors have moved toward social engineering tactics that mimic legitimate corporate onboarding processes. The current wave specifically zeroes in on marketing specialists—individuals who often possess high-level administrative access to corporate social media profiles, Google Ads Managers, and sensitive analytics dashboards—making them high-value targets for both data extortion and ad-fraud schemes.
The technical mechanics of this scam are notably complex, utilizing "nested redirects" to bypass automated security scanners. When a victim clicks on a link provided by a fake recruiter, they are not sent directly to a malicious site. Instead, they are funneled through a series of legitimate-seeming URLs and intermediary cloud services. This obfuscation ensures that by the time the user reaches the final phishing page—a pixel-perfect recreation of the Google login interface—the initial "safe" reputation of the first URL has already cleared the email gateway’s inspection. Once the victim enters their credentials, the attackers use session-cookie theft or real-time proxying to bypass two-factor authentication (2FA).
The implications for the industry are profound, particularly concerning the vulnerability of the modern "Bring Your Own Device" (BYOD) workforce. Because marketing professionals often toggle between personal and professional Google accounts, the compromise of a personal Gmail account frequently provides a backdoor into enterprise systems via shared documents, delegated access, or saved browser passwords. For organizations, this highlights a critical weakness: no matter how robust a company’s internal firewall is, the personal digital hygiene of its employees remains a viable attack vector for sophisticated external actors.
From a regulatory and market perspective, this campaign underscores the escalating war over digital identity. Google and other major identity providers are under increasing pressure to harden account recovery and login processes, but the adaptability of phishing kits remains a persistent challenge. As these kits become more accessible via Phishing-as-a-Service (PhaaS) platforms, even low-tier criminals can now execute high-level redirection attacks that were once the exclusive domain of state-sponsored actors. This democratization of high-end social engineering means that "brand safety" now extends far beyond marketing and into the realm of frontline cybersecurity defense.
Looking ahead, the industry must watch for the integration of generative AI in high-stakes recruitment scams. AI-driven deepfakes and automated, highly personalized "pre-interview" chatbots could soon make the initial contact indistinguishable from a legitimate corporate outreach. Organizations should respond by implementing hardware-based security keys and moving toward phishing-resistant authentication methods. For the job-seeking professional, the lesson is clear: the more lucrative the opportunity appears, the more rigorous the verification of its source must be. The battle for the inbox has moved from detecting "spam" to identifying highly personalized, multi-stage psychological traps.
Why it matters
- 01The campaign uses sophisticated 'nested redirects' to bypass traditional email security filters and masquerade as legitimate corporate outreach.
- 02Marketing professionals are being targeted specifically because their account credentials often grant access to high-value enterprise ad platforms and social media assets.
- 03This shift toward high-fidelity impersonation highlights a critical vulnerability in the intersection of personal account security and professional enterprise access.