30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign

Key Points:

• A Vietnamese-linked cyber operation named AccountDumpling has been using Google AppSheet to distribute phishing emails targeting Facebook Business account owners, aiming to steal and sell around 30,000 Facebook accounts.
• The phishing emails impersonate Meta Support and bypass spam filters by using a Google AppSheet address, directing victims to fake websites designed to harvest login credentials, personal information, and two-factor authentication codes.
• The campaign employs multiple lures including fake Facebook help center pages, blue badge evaluations, Google Drive-hosted verification PDFs, and fake job offers from well-known companies to trick victims into providing sensitive data.
• Stolen data is exfiltrated to attacker-controlled Telegram channels, with most victims located in countries such as the U.S., Italy, Canada, and the Philippines, and evidence links the operation to a Vietnamese individual named "PHẠM TÀI TÂN" who runs a digital marketing service website.
• Security researchers highlight this as a sophisticated, evolving criminal-commercial ecosystem that leverages trusted platforms for phishing and monetizes stolen Facebook assets, reflecting a broader trend in Vietnamese cybercrime tactics.