Beware of new and extremely sophisticated Facebook hacking tricks

A sophisticated phishing campaign has just been discovered, targeting Facebook users directly. What is worrying is that the perpetrators have taken advantage of a legitimate Google service to bypass email protection systems, making it difficult for users to detect. Cybersecurity experts from KnowBe4 have issued an urgent warning about this dangerous trick.

According to a warning from KnowBe4, cybercriminals are exploiting Google's AppSheet platform - a no-code application development tool - to spread phishing emails in bulk. By being sent from Google's legitimate "@appsheet.com" address, these emails easily bypass domain authentication mechanisms such as SPF, DKIM and DMARC, as well as Microsoft's email security gateways (SEG). This allows the phishing emails to appear directly in users' inboxes without being flagged as dangerous.

Notably, each email is generated with a unique ID code, making it difficult for traditional detection systems to identify and block.

The email purports to be a notification from Facebook, accusing the user of intellectual property infringement and warning that the account will be deleted within 24 hours. It includes a “Submit an Appeal” button to create a sense of urgency. When clicked, the user is taken to a fake Facebook login page hosted on Vercel, a reputable service that specializes in hosting modern web applications. This makes the scam even more convincing.

On the fake site, if the victim enters their username and two-factor authentication (2FA) code, all information will be sent directly to the attacker. The trick is even more sophisticated when the first login intentionally reports "wrong password" to force the user to re-enter, to verify the accuracy of the information.

Even more dangerous, the stolen 2FA code will be used immediately by hackers to log into Facebook and take control of the account. They also get the session token - allowing them to maintain access even after the user has changed their password.

Users are advised to be cautious of emails that ask for urgent action or personal information, even if they appear to be from reputable sources. Cybersecurity experts emphasize: always check the sender's address carefully, do not rush to click on suspicious links, and never enter login information if you are not sure about the authenticity of the website.