A Facebook phishing campaign has compromised more than 30,000 accounts worldwide by abusing Google’s AppSheet platform, according to Guardio Labs.
The campaign, named AccountDumpling by Guardio Labs, used the legitimate Google-owned address noreply@appsheet.com to send malicious emails that appeared authenticated.
Guardio Labs linked the operation to Vietnamese threat actors. In addition, metadata in a Canva-generated PDF identified a Vietnamese individual named Pham Tai Tan.
The emails passed SPF, DKIM and DMARC authentication checks, allowing them to bypass common email security gateways and spam filters.
The emails redirected victims who opened them to fake Facebook Help Centre pages hosted on Netlify or Vercel.
The fake pages collected login credentials, two-factor authentication codes, dates of birth, government ID images and browser screenshots.
The campaign used fake offers, including a “free Facebook blue badge” that required no Meta Verified subscription. It also featured threats of account disabling or copyright claims.
Read: AI Chatbots Like Grok Craft Phishing Scams Targeting Seniors, Reuters Finds
Guardio Labs said the at-risk accounts appeared mainly in countries including the United States, Italy, Canada, the Philippines, India, Spain, Australia, the United Kingdom, Brazil and Mexico.
The company advised users to enable two-factor authentication. Additionally, they should avoid links in emails and never enter credentials after clicking an email link.
