Google AppSheet Abuse Helped Phish 30,000 Facebook Accounts
Hackers abused Google AppSheet to send phishing emails, compromising 30,000 Facebook business accounts across 50 countries. The campaign, linked to a Vietnam-based operator, used legitimate Google infrastructure to bypass scam alerts and land directly in targets' inboxes.
Cybercriminals used Google's AppSheet to send phishing emails that appeared legitimate, compromising 30,000 Facebook business accounts. The campaign, linked to a Vietnam-based operator, impersonated Meta support and sent urgent claims about account violations or shutdowns. Attackers used AppSheet's built-in email capabilities to send convincing phishing messages from 'noreply@appsheet.com', which passed undetected due to Google's infrastructure. The emails focused on alleged Meta copyright violations and directed recipients to phishing links. The attackers also impersonated recruiters from companies like Apple and Meta, using enticing offers to get targets on calls hosted on attacker-controlled sites. The campaign indicates a growing shift in phishing attacks, with attackers relying on trusted platforms instead of imitating them.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.