Hackers are spreading malware through Indeed job messages

A sophisticated phishing scam is targeting US executives through job listing site Indeed. Hackers send fake job opportunity emails that lead to a Microsoft 365 login page, allowing them to steal credentials. They evade multi-factor authentication through “cookie stealing”, a method used to mimic website design. The scam was spotted by Menlo Security, who observed it targeting various industries. Similar attacks have been observed on other major brands since 2022, with email security measures being put in place from 2024.