Job Interview Scam Google Credentials: Red Flags and What to Do
A message arrives naming a company you recognize, describing a role that fits your background, and offering a calendar link for a virtual interview. Everything about it signals legitimacy. There is no job. The entire sequence is a delivery mechanism for stealing your login credentials, personal data, or both.
The FTC named this pattern directly in a September 2025 advisory titled "This Job Interview Scam Is a Ploy to Steal Your Google Credentials." Understanding why it's more dangerous than a wasted afternoon is what this piece is for.
One scope note upfront: the exact technical method used to capture Google credentials isn't fully described in current public sources. What is well-documented, from both the FTC and Google, is the social engineering pipeline that brings victims to the moment of handing over access. This piece explains how that pipeline works, where to spot it, and what to do whether you've received a suspicious message or already engaged with one.
The scam's logic: why a fake interview is the attack
Video of the Day
A fake job interview is a trust-building exercise with a single real purpose. These operations are perpetually "hiring," as the FTC notes, because the job offer is just a mechanism for extracting money, personal information, or credentials. A cold phishing link asks you to trust a stranger. A fake interview process earns that trust across multiple touchpoints before asking for anything.
The scam also targets a specific psychological window. The FTC notes that scammers deliberately target people who want to work from home, understanding that urgency shortens scrutiny. The fake interview manufactures that urgency: a polished invite, a formal offer, a tight timeline. By the time something feels off, the recruiter has already pushed for what they came for.
Video of the Day
How the job interview scam Google credentials trap works
Step 1: unsolicited contact from a credible-seeming source

The outreach arrives by email or text, claiming to represent a well-known employer. It often comes from a personal phone number or a non-corporate email address rather than an official company domain, the FTC reported last year. The message may appear to come directly from a recognizable brand, even though the recipient never applied for anything, per an FTC advisory from about twenty months ago. Fake job postings also turn up in paid ads, on job boards, and across social media, the FTC flagged two years ago, reaching people who are actively searching, not just those contacted cold.
Step 2: an official-looking interview invitation
The victim receives a polished virtual interview invite complete with job duties, listed benefits, and scheduling logistics, the FTC documented. Every prop signals legitimacy because the con depends on the target not pausing to verify any of it. The recruiter may even send what looks like a formal offer letter before any real conversation about the role has taken place.
Step 3: early demand for sensitive information

Before any substantive discussion of the position, the recruiter requests a driver's license number, Social Security number, or bank account details, framed as routine paperwork for direct-deposit setup, the FTC noted. The recruiter pushes for this before answering basic questions about the role. Your data comes first; job details come second. That inversion is the tell.
Step 4: the click, the download, the unverified sign-in

This is where a recruitment scam becomes an account-compromise risk. The scammer has spent the previous steps building enough credibility to get the target to click a link, download a file, or sign into something without independently verifying its source. That moment of unverified action is the point of exposure.
Google specifically warns against downloading application materials or software without first verifying the instructions and source through the company's official channels, and against providing sensitive information, including banking details and Social Security numbers, before confirming a posting's authenticity. Once a target acts without that verification, Google's advisory makes clear, the consequences can range from financial theft and identity fraud to system compromise that enables credential harvesting and corporate network infiltration. A Google account is a particularly high-value target: one set of credentials connects Gmail, Drive, Calendar, and often an entire Google Workspace environment, turning a personal compromise into a potential corporate one.
Recruitment scam red flags: what real hiring looks like and where this diverges
These scams succeed by imitating legitimate hiring behavior closely enough to lower defenses. A concrete comparison does more work than abstract warnings.
What legitimate recruiting generally looks like: Genuine recruiters operate through verifiable corporate email domains or established platforms, per Google's advisory. They answer substantive questions about the role before requesting any documentation. Financial and identity information enters the picture only after a formal offer has been accepted, through an employer's secured onboarding system. No legitimate employer charges fees at any stage, the FTC states plainly.
Where the fake-interview scam diverges:
- The contact was unsolicited, for a job you never applied for. Real recruiters do reach out cold, but their identity and company affiliation can be confirmed through official channels, per the FTC. The difference is that verification is possible, and legitimate recruiters will wait for it.
- The recruiter is using a personal email address or personal phone number while claiming to represent a major employer, the FTC has noted. A major employer reachable only through personal contact details warrants independent verification before any further engagement.
- Sensitive information or a download is requested before any real interview has occurred. Real employers won't ask for a Social Security number or bank account details before hiring you, the FTC states, and Google advises verifying any download source through official channels before acting.
- A formal offer arrives before any interview. The compressed timeline is deliberate: speed is the mechanism that prevents scrutiny, the FTC explains.
- Someone asks you to pay. No legitimate employer, including the federal government, charges training fees, certification costs, or starter-kit expenses to hire you, the FTC states.
Each of these is a design choice, not an oversight. The scam is engineered to resemble real hiring closely enough that only one or two details feel wrong, and by then the recruiter has already moved to the next step.
What to do: before you respond and after you've already engaged
If you've received a suspicious message and haven't responded
Follow this sequence before doing anything else:
- Check whether you ever applied to this company or role.
- Inspect the sender's domain or phone number. Does it match the company's official contact information?
- Go directly to the company's official website through your browser, not through any link in the message, and look for the job listing independently.
- If the role exists, contact the company's HR or recruiting team using the contact information on their official site, not the recruiter's details.
Google advises confirming any posting's authenticity through official channels before sharing information or clicking links. This check alone disrupts most of the attack before it starts.
If you've already clicked a link, downloaded a file, or shared credentials

The right response depends on what happened.
If you entered login credentials on a site you now suspect was fake: change the compromised password immediately and enable two-factor authentication on the affected account. Then check connected accounts for unauthorized access or unfamiliar changes, and review recent account activity for logins you don't recognize. If that account connects to a workplace system, notify your employer's IT or security team directly. Google's advisory warns that personal-account compromise can enable corporate network infiltration, so that notification step matters beyond your own exposure.
If you downloaded and ran software from an unverified source: a password change alone may not be sufficient, since software you've executed could persist on the device. Consider a full scan with reputable security software and, again, loop in your employer's security team if the account has workplace connections.
If you shared a Social Security number or bank account information: the FTC's identity theft resources at IdentityTheft.gov provide a step-by-step recovery plan.
Report the scam to the FTC at ReportFraud.ftc.gov. Text scams can be forwarded to 7726 (SPAM) on most carriers, per the FTC.
One habit that stops most of this
The fake-interview format works on careful people because it borrows the rituals of real hiring. The invite looks genuine. The offer letter looks genuine. The urgency feels like standard employer behavior. Nothing breaks the illusion until the recruiter pushes for information or an action that no legitimate employer would request at that stage.
The fix takes about five minutes: before responding to any recruiter message, go directly to the company's official website, verify the role exists, and confirm the recruiter's contact details match what the company actually uses. Don't click links or download anything until that check is complete.
No legitimate hiring process collapses because you took time to confirm it was real. A scam will.
For more on the broader job scam landscape, the FTC maintains a central resource at ftc.gov/jobscams.