
This new phishing scam uses Netflix job offers to steal Facebook account credentials

Published by qimuai · Reads: 8 · First-hand translation



Source: https://lifehacker.com/tech/this-scam-uses-netflix-job-offers-to-steal-facebook-credentials?utm_medium=RSS

Summary:

Security researchers have recently identified a new phishing scam aimed at jobseekers: the scammers impersonate Netflix's recruitment team, lure marketing and social-media professionals with fake high-paying positions, and then steal access to their Facebook business accounts to commit further crimes.

The scam sends emails in the name of the "Netflix Talent Acquisition Team", falsely offering executive positions such as VP of Marketing and asking victims to book an interview through a forged scheduling link. In the "create a career profile" step, choosing either "Log in with Facebook" or "Log in with email" redirects to a highly convincing Facebook phishing page. Once the username and password are entered, the criminals receive the credentials in real time and, through a weakness in two-factor authentication, may take full control of the account.

Security experts note that the attack is highly targeted: it uses a well-known company's name to lower the victim's guard, and it precisely selects jobseekers who have access to corporate Facebook accounts. Once in, the criminals can not only drain the account's funds by running malicious ads, but also extort the company or exploit trust in the brand to run follow-on scams.

Three features identify this kind of scam: an interview invitation for a job you never applied for; an interview-scheduling link that leads to a non-official domain; and a request to log in by authorizing a social-media account. The security team advises jobseekers to always verify that the sender's email address is genuine, to be wary of unsolicited "fully remote, high-salary" offers, and never to pay any fee or disclose account credentials during a hiring process.

Chinese translation:

Scammers' phishing tricks are getting ever more cunning: a new attack discovered by Malwarebytes Labs specifically targets jobseekers in marketing and social media, people who often hold access to their current employer's Facebook business account. Beyond stealing usernames and passwords, the scam's ultimate goal may be to hijack the business account by running malicious ads on the company's money, demanding a ransom, or exploiting consumer trust in the brand to run further scams.

Fake Netflix is targeting prospective employees
The scam begins with an email disguised as coming from Netflix's recruitment team. It opens by flattering the recipient, then describes an open leadership position that matches their background (for example, VP of Marketing). The screenshot provided by Malwarebytes Labs shows the sender's address as talents[at]netflixtalentnurture[dot]com, which is not an official Netflix domain but is quite convincing.

As long as you don't reply to the first email, the scam poses little threat. If you do reply, you'll receive a second email containing an invitation to schedule an interview with the "Netflix HR team". Clicking the scheduling link brings up (fake) interview slots to choose from; after you pick one, the system prompts you to create or log into a Netflix "Career Profile" account.

This is where the risk escalates sharply. Whether you choose "Continue with Facebook" or "Continue with Email", you are redirected to a forged Facebook login page. Once you enter your username and password, the attackers can immediately log into your real Facebook account. If you have two-factor authentication enabled, depending on the method, the scammers can even intercept and enter your verification code.

The Malwarebytes team found that if you enter a wrong username or password, the page correctly displays "Incorrect password, please try again." This makes the phishing page the most sophisticated part of the scam: the attackers intercept and use your information in real time.

Red flags of job scams
This Netflix-to-Facebook job scam is polished in how it selects targets, abuses well-known company names, and lays out a multi-stage credential-phishing flow, but it still has tells:

Being redirected to Facebook to schedule an interview is not the most obvious flaw, but it is worth being wary of. Many users are used to logging into third-party sites with their Facebook and Google accounts, but if you look closely at the URL of the login page you are redirected to, you'll see it is not an official Facebook domain.

Always hover over links in emails to check the URL before clicking; in this case none of the sites belong to official Facebook or Netflix domains. If you have already opened the page, check the browser address bar carefully to see through the disguise. Scammers steal company branding to make fake sites nearly indistinguishable from real ones.

Even if you have received legitimate recruiter messages by email or on LinkedIn, stay wary of unsolicited or too-good-to-be-true job offers. Never click links before verifying the sender's identity, and avoid entering login credentials or sensitive information at any point in the process.

Other common job scams include unsolicited offers of dream positions that are fully remote and highly paid. Scammers may also pose as headhunters and ask for application or placement fees. Remember: any charge related to hiring or onboarding (unless you sought out professional services yourself), or a request to deposit checks on someone's behalf or buy gift cards, is likely a scam and usually ends in financial loss.

English source:

Scammers are getting increasingly creative in targeting their phishing campaigns: A new attack spotted by Malwarebytes Labs appears to be aimed specifically at jobseekers in marketing and social media roles who may have access to Facebook business accounts belonging to their current employer.
The end goal, besides stealing credentials, could be to compromise said business accounts by running malicious ads on the company's dime, demanding a ransom, or spreading additional scams based on customer trust in the brand.
Netflix impersonators are targeting prospective employees
This campaign begins with an email that appears to come from the recruitment team at Netflix. It starts with some flattery and goes on to describe an opening for a leadership role, such as the VP of marketing, that's likely to make sense for the recipient. The screenshot from Malwarebytes Labs shows the sender's email address as talents[at]netflixtalentnurture[dot]com, which, while not Netflix's official domain, is somewhat plausible.
This scam probably isn't much of a threat unless you respond to the initial email. You shouldn't—but if you did, you'd get a second message with an invitation to schedule an interview with the "Netflix HR team." Clicking through the scheduling link will pull up (fake) interview slots to choose from, and if you select one, you'll be prompted to create or sign into your Netflix "Career Profile" account.
This is where the risk increases significantly. You can select either "Continue with Facebook" or "Continue with Email," both of which will lead you to a spoofed Facebook login screen. If you enter your credentials, the attackers now have them and can log into your real Facebook account instantly. If you have two-factor authentication set up for Facebook, they can even request and enter your code depending on the method you use.
The Malwarebytes team found that if you enter your username and password incorrectly, you'll receive an appropriate response of “The password you’ve entered is incorrect. Please try again!” This makes the login page itself an especially sophisticated element of this attack, as threat actors can intercept and utilize your information in real time.
Job scam red flags
This Netflix-to-Facebook job scam is relatively sophisticated in who it targets, how it uses trusted company names, and its multi-step approach to phishing your information, but there are some red flags.
Redirecting to Facebook to schedule an interview is a red flag, though it's not the most obvious one. Many users are accustomed to using Facebook and Google to log into third-party sites. If you actually check the URL on the redirected login page, though, it isn't a Facebook domain.
You should always scrutinize URLs for emails and links before you click by hovering over them—in this case, none of the websites live on official Facebook or Netflix domains. If you do open a webpage, look carefully at the address in the browser bar to identify fakes. Scammers use company branding to make the fraudulent site appear almost indistinguishable from a real one.
While you may have received legitimate messages from recruiters via email or on LinkedIn, you should still be wary of offers for positions you haven't applied for or that sound too good to be true. Don't click links without verifying the sender, and don't enter login credentials or provide sensitive information along the way.
There are other common job scams that involve unsolicited offers for dream positions that are fully remote and highly paid. Scammers may also impersonate headhunters and ask you to pay a fee for their application and placement services. Never pay anyone for anything related to hiring or onboarding (unless you have sought out the services of a professional yourself) or agree to deposit checks or purchase gift cards, as this almost always ends with you losing money.
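The URL check the red flags above describe, written out as a small Python triage helper (an added example, not code from the article or from Malwarebytes): it pulls the host out of every link or sender address in a message, compares the registrable domain against an allowlist of the brands' official domains, and flags anything that merely contains the brand name, as netflixtalentnurture[dot]com does. The allowlist, the `.example` hostnames and the sample message are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist of official registrable domains (a real filter loads its own).
OFFICIAL = {"netflix.com", "facebook.com"}
BRANDS = ("netflix", "facebook")
# Defanged notations used in reports (the article writes [at] and [dot]).
DEFANG = (("[at]", "@"), ("[dot]", "."), ("hxxp", "http"))
# Digits commonly substituted for letters in look-alike hostnames.
HOMOGLYPHS = str.maketrans("013", "ole")

def refang(ref: str) -> str:
    for old, new in DEFANG:
        ref = ref.replace(old, new)
    return ref.strip().lower()

def host_of(ref: str) -> str:
    """Host part of a URL or of an e-mail address."""
    ref = refang(ref)
    if "://" not in ref:
        return ref.rsplit("@", 1)[-1]  # bare address or bare hostname
    # urlsplit drops userinfo, so https://facebook.com@evil.example/ -> evil.example
    return urlsplit(ref).hostname or ""

def registrable_domain(host: str) -> str:
    """Last two labels; use the Public Suffix List (tldextract) for .co.uk etc."""
    return ".".join(host.rstrip(".").split(".")[-2:])

def classify(ref: str) -> str:
    """'official' for a brand's real domain, 'lookalike' when a brand name
    appears anywhere in the reference but the domain is not official,
    'unrelated' otherwise."""
    if registrable_domain(host_of(ref)) in OFFICIAL:
        return "official"
    probe = refang(ref).translate(HOMOGLYPHS)
    return "lookalike" if any(b in probe for b in BRANDS) else "unrelated"

REF_RE = re.compile(r"https?://\S+|[\w.+-]+(?:@|\[at\])[\w.-]+(?:\[dot\][\w-]+)?")

def triage(message: str) -> dict:
    """Map every URL or address found in a message to its verdict."""
    return {m: classify(m) for m in REF_RE.findall(message)}

# Constructed sample modelled on the campaign described above; not real data.
SAMPLE = """From: talents[at]netflixtalentnurture[dot]com
Book your interview: https://netflix-careers-schedule.example/slots
Continue with Facebook: https://www.faceb00k-login.example/auth
Reference: https://www.netflix.com/jobs"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```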

LifeHacker
