Beware of new, extremely sophisticated Facebook hacking tricks

A sophisticated phishing campaign has just been discovered, targeting Facebook users directly. What is worrying is that the perpetrators have taken advantage of a legitimate Google service to bypass email protection systems, making it difficult for users to detect. Cybersecurity experts from KnowBe4 have issued an urgent warning about this dangerous trick.

Cybercriminals are exploiting Google's AppSheet platform - a codeless application development tool - to spread mass phishing emails, according to a warning from KnowBe4. By sending from Google's legitimate "@appsheet.com" address, these emails easily bypass domain authentication mechanisms such as SPF, DKIM and DMARC, as well as Microsoft's email security gateways (SEG). This allows the phishing emails to appear directly in users' inboxes without being marked as dangerous.

Notably, each email is generated with a unique ID code, making it difficult for traditional detection systems to identify and block.

The email purports to be a notification from Facebook, accusing the user of intellectual property infringement and warning that the account will be deleted within 24 hours. It includes a “Submit an Appeal” button to create a sense of urgency. When clicked, the user is taken to a website that mimics the Facebook login interface, hosted on the Vercel platform – a reputable service that specializes in hosting modern web applications. This makes the scam even more convincing.

On the fake site, if the victim enters their login name and two-factor authentication (2FA) code, all information will be sent directly to the attacker. The trick is even more sophisticated when the first login intentionally reports "wrong password" to force the user to re-enter, to verify the accuracy of the information.

Even more dangerous, the stolen 2FA code will be used immediately by hackers to log into Facebook and take control of the account. They also get the session token - allowing them to maintain access even after the user has changed their password.

Users are advised to be cautious of emails that ask for urgent action or personal information, even if they appear to be from reputable sources. Cybersecurity experts emphasize: always carefully check the sender's address, do not rush to click on suspicious links and absolutely do not enter login information if you are not sure about the authenticity of the website.