Cybercriminals are targeting Facebook users with fake job ads impersonating global brands like KFC, Red Bull, and Ferrari, stealing login credentials through AI-generated phishing emails, cybersecurity experts warn.
 |
| Researchers have uncovered a new phishing campaign using fake Facebook job ads to harvest user credentials, highlighting how AI is amplifying online fraud. Image: CH |
Tech Desk — November 5, 2025:
A growing number of fake job advertisements are flooding Facebook, tricking users into revealing their passwords to cybercriminals posing as recruiters for world-famous companies. U.S.-based cybersecurity firm Sublime Security has warned that a new wave of phishing attacks is targeting Facebook users by mimicking legitimate job listings from major brands such as KFC, Red Bull, and Ferrari. The deceptive ads are part of a larger digital fraud operation designed to harvest users’ login credentials through realistic but fraudulent recruitment pages.
According to a recent HackRad report, the scam begins with a seemingly authentic email offering a job opportunity from a well-known brand. The message, often crafted using artificial intelligence to appear professional and grammatically sound, directs recipients to a fake security verification page. From there, they are redirected to a counterfeit job application website that closely resembles a popular employment platform.
Victims are then asked to log in using their Facebook or email credentials. Once they attempt to sign in, they encounter a loading bar that never completes, while in the background their login information is silently stolen. This data is later used by scammers to access Facebook accounts, impersonate users, and potentially commit identity theft or financial fraud.
Cybersecurity experts note that, despite the sophistication of the deception, there are telltale signs of fraud. The use of unfamiliar email addresses, suspicious or misspelled URLs, and links that do not match the official websites of the brands are common indicators. In previous campaigns, scammers have deployed similar tactics targeting Microsoft 365 and Google Workspace users with fake job offers designed to steal login credentials.
The use of artificial intelligence has made these schemes more convincing than ever. By generating natural-sounding language and realistic website designs, AI allows cybercriminals to build trust quickly and deceive even cautious users. Experts from Sublime Security have described this as a “new era of AI-enhanced phishing,” where technology designed to improve communication is being weaponized for fraud.
Cybersecurity analysts are urging users to take precautions before responding to any online job advertisement. They recommend visiting the company’s official website directly instead of clicking on email links, verifying the authenticity of any job posting, and activating two-factor authentication on all accounts. These steps can significantly reduce the risk of password theft and unauthorized access.
Ministerial and industry responses have also begun to surface as online fraud becomes more complex. Platforms like Facebook are under increasing pressure to strengthen their detection systems and prevent the spread of malicious content disguised as legitimate opportunities. However, the scale and speed of these phishing operations make enforcement difficult.
The rise of fake job ads illustrates a wider problem in the digital economy. Social media platforms, once designed for communication and community, have evolved into multi-functional spaces where commerce, recruitment, and social interaction overlap. This convergence has created new vulnerabilities for scammers to exploit. The current wave of Facebook-based phishing attacks demonstrates how trust, convenience, and automation can easily become tools of manipulation.
Ultimately, this scam highlights the importance of digital vigilance. As long as criminals can exploit AI and human curiosity, users remain the final line of defense. Verifying links, questioning offers that appear too good to be true, and safeguarding login credentials are simple but vital measures. In an era where even the most trusted brands can be weaponized for fraud, skepticism has become an essential part of online security.