Google Careers impersonation credential phishing scam with endless variation
Blog post from Sublime Security
The Sublime Attack Spotlight series explores a credential phishing scam that impersonates Google Careers and targets users of Google Workspace and Microsoft 365. The scam sends emails that mimic Google Careers outreach, leading recipients to a fake meeting scheduler and eventually to a phishing page designed to steal personal information and credentials. The attack is notable for its ongoing development, with threat actors refining their tactics to evade detection. Variations include messages in multiple languages, different sender impersonations, and the use of newly registered domains. The phishing process often involves HTML word-padding evasions and adversary-in-the-middle (AITM) infrastructure for credential theft. Sublime's AI-powered detection engine and Autonomous Security Analyst flag these malicious emails by identifying brand impersonation, domain deception, and other suspicious signals.