Phishing Campaign Abuses Google AppSheet to Steal Facebook Accounts
A long-running phishing campaign is abusing Google's AppSheet platform to hijack thousands of Facebook business and advertiser accounts by bypassing standard email security checks.
Researchers have uncovered a long-running phishing campaign that exploits Google’s AppSheet platform to steal thousands of Facebook accounts. By sending emails through Google’s trusted infrastructure, the attackers successfully bypass standard email security filters like SPF, DKIM, and DMARC, making the phishing attempts appear legitimate.
The campaign primarily targets business and advertiser profiles on Facebook. Once the attackers gain control of these accounts, they monetize them through various illicit activities. Because the emails originate from a trusted service, many users and security systems fail to identify them as malicious, allowing the operation to persist for an extended period.
Users are advised to exercise extreme caution with unexpected emails, even those that appear to come from trusted sources. Organizations should ensure that their security awareness training includes information about how attackers abuse legitimate services to conduct phishing operations. [Malwarebytes Labs]