Scammers fake job offers from Nvidia, Glassdoor to steal your sensitive information


Ruthless scammers pretending to be from major companies, such as Nvidia and Glassdoor, are offering to hire unsuspecting job seekers – but instead, are out to steal their sensitive personal information.

Researchers at Fortra are warning job seekers about a recently discovered sophisticated phishing campaign impersonating major brands such as NVIDIA, Glassdoor, RedBull, Marriott, Salesforce, and more.

The scam involves emails offering false job opportunities that lead victims to websites where they are asked to provide a plethora of personal information, which is then harvested by the bad actors running the campaign.


According to Fortra’s Fire team, the large-scale operation “has appeared across multiple Fortra clients, with hundreds of phish abusing legitimate domains and falsely branded websites to capture user credentials.”

[Image: Glassdoor job phishing scam, Fortra research] A "job opportunity" email shows Glassdoor used in conjunction with a Red Bull impersonation attempt. Image by Fortra.

Trust in known and respected brands

First discovered in June, the phish uses multiple social engineering tactics, some so convincing, Fortra says, that hopeful job seekers targeted in the indiscriminate phishing email sprays are almost guaranteed to fall victim to the attack.

Israel Cerda, Security Operations Lead at Fortra, said the threat actors in this campaign attempt to "break down defenses by leveraging trust in recognized brands."

For example, “impersonating a well-known enterprise such as Marriott, and personalizing the email to the recipient’s name gives an impression of authenticity,” Cerda said.

A flashy title and expressed interest in the recipient’s expertise will also make the recipient more likely to click on the embedded link, he said.

[Image: Marriott phishing scam, Fortra research] Attackers leverage reputable brands and convincing infrastructure to reel in victims. Image by Fortra.

The emails, appearing to come directly from one of the company's recruiters, tell the victim right off the bat that they are being considered for a specific job and invite them to schedule a phone call.

“The victim will then be redirected to a convincing phishing site imitating a popular service for scheduling meetings, Calendly," Fortra said.

Inevitably, the victim will be asked to fill in credentials to their Facebook or Google account to complete the scheduling on Calendly, a seemingly normal part of the process.

[Image: Calendly phishing scam, Fortra research] After the victim selects a date and time, they are prompted to enter their Facebook credentials. Image by Fortra.

“Unless they are already familiar with the Calendly service, there is usually no requirement to provide third-party authentication,” said Cerda.

In a similar example, the bad actors employ the well-known human resources provider and temporary staffing firm Adecco to lead the victim to schedule a call, which will take them to a Google sign-in screen.

In that Adecco set-up, the Fire team noticed the bad actors used a recently registered domain, with its registration set to expire after a year.
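As an added example (not part of Fortra's research or this article), the following Python triage helper applies the red flags described above to an inbound email: a recruiter lure built on a recognized brand, a link to a domain imitating the Calendly scheduling service, and a domain that was registered recently and only for one year. The WHOIS table, the domain names and the sample email are constructed for the demonstration; a real deployment would replace the table with a WHOIS/RDAP lookup.

```python
import re
from datetime import date
from urllib.parse import urlparse

# Hosts that legitimately serve the scheduling service the lure imitates.
LEGIT_SCHEDULING_HOSTS = {"calendly.com"}
# Brands the article reports being abused, plus the imitated scheduling service.
BRANDS = ("nvidia", "glassdoor", "red bull", "marriott", "salesforce", "adecco", "calendly")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed WHOIS table (hypothetical domains): host -> (creation date, expiry date).
SAMPLE_WHOIS = {
    "calendly-meeting.example": (date(2024, 6, 3), date(2025, 6, 3)),
    "careers-portal.example": (date(2016, 2, 11), date(2027, 2, 11)),
}

# Constructed sample lure modelled on the campaign's flow (names are invented).
SAMPLE_EMAIL = (
    "NVIDIA is hiring: Senior Engineer role",
    "Hi Alex, our recruiter reviewed your profile on Glassdoor and would like to "
    "schedule a call. Pick a slot here: https://calendly-meeting.example/nvidia/hr\n"
    "You may be asked to sign in with Google or Facebook to confirm.",
)

def registered_host(host):
    """Reduce a hostname to its registrable part (naive: the last two labels)."""
    return ".".join(host.lower().split(".")[-2:])

def triage_url(url, whois, today):
    """Return red flags for one link; an empty list means nothing suspicious was found."""
    flags = []
    host = registered_host(urlparse(url).hostname or "")
    if host in LEGIT_SCHEDULING_HOSTS:
        return flags
    if "calendly" in host:  # brand name inside a domain that is not the real service
        flags.append(f"lookalike scheduling domain {host}")
    if host in whois:
        created, expires = whois[host]
        if (today - created).days <= 90:
            flags.append(f"{host} registered {(today - created).days} days ago")
        if (expires - created).days <= 366:
            flags.append(f"{host} registered for only one year")
    return flags

def triage_email(subject, body, whois, today):
    """Combine the brand-lure check with the per-link checks for one email."""
    text = f"{subject}\n{body}".lower()
    flags = []
    brands = [b for b in BRANDS if b in text]
    if brands and any(w in text for w in ("job", "position", "schedule a call", "interview")):
        flags.append("recruiter lure using brand(s): " + ", ".join(brands))
    for url in URL_RE.findall(body):
        flags.extend(triage_url(url, whois, today))
    return flags
```

Running `triage_email(*SAMPLE_EMAIL, SAMPLE_WHOIS, date(2024, 7, 1))` on the constructed sample yields four flags: the brand lure, the lookalike domain, its 28-day age and its one-year registration term.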

[Image: Nvidia phishing scam, Fortra research] Nvidia is another brand often used by attackers. Image by Fortra.

"It only takes one employee reusing their Google or Facebook password for their corporate email account to result in a significant risk of a data breach, business email compromise, or infection of systems down the line," Cerda explained in the Fortra blog.

Phishing red flags


The Fire intelligence team provides recommendations to help both employees and businesses protect themselves against this type of sophisticated campaign.

  • Train employees on phishing trends, social engineering tactics, and how they may be vulnerable to them.
  • Enforce strong password policies and hygiene practices, including using unique passwords for personal and work accounts rather than reusing them.
  • Employ email and endpoint protection systems for monitoring.
  • Put mechanisms in place for employees to report suspected phishing emails and for security teams to analyze them.

Fortra said it is imperative that organizations "invest in personnel training against emerging social engineering tactics and have systems in place to report, analyze, and block these attacks before they reach the employee’s inbox.”

Gintaras Radauskas jurgita Konstancija Gasaityte profile justinasv