Beware of new, extremely sophisticated Facebook hacking tricks.
A sophisticated phishing campaign targeting Facebook users exploited Google's legitimate service to bypass email security systems and steal account information.
A sophisticated phishing campaign targeting Facebook users has been discovered. Worryingly, the perpetrators exploited a legitimate Google service to bypass email security systems, making it difficult for users to detect. Cybersecurity experts from KnowBe4 have issued an urgent warning about this dangerous scheme.
According to a warning from KnowBe4, cybercriminals are exploiting the Google AppSheet platform – a no-code application development tool – to distribute a large number of phishing emails. Because they are sent from Google's legitimate "@appsheet.com" address, these emails easily bypass domain authentication mechanisms such as SPF, DKIM, and DMARC, as well as Microsoft's secure email gateways (SEG). This allows phishing emails to appear directly in users' inboxes without being flagged as dangerous.
Notably, each email is generated with a unique ID code, making it difficult for traditional detection systems to identify and block them.
The fake email, impersonating a Facebook notification, accuses users of intellectual property infringement and warns that their accounts will be deleted within 24 hours. It includes a "Submit an Appeal" button to create a sense of urgency. When users click it, they are redirected to a fake website mimicking the Facebook login interface, hosted on Vercel – a reputable service specializing in hosting modern web applications. This makes the scam even more convincing.
On the fake website, if the victim enters their username and two-factor authentication (2FA) code, all their information will be transferred directly to the attacker. The tactic is even more sophisticated when the first login attempt intentionally displays "incorrect password" to force the user to re-enter the information, in order to verify its accuracy.
More dangerously, once stolen, 2FA codes can be immediately used by hackers to log into Facebook and gain control of the account. They can also obtain the session token, which allows them to maintain access even after the user has changed their password.
Users are advised to be vigilant against emails requesting urgent action or personal information, even if they appear to come from reputable sources. Cybersecurity experts emphasize: always carefully check the sender's address, do not rush to click on suspicious links, and absolutely do not enter login information if you are unsure about the authenticity of the website.
