New Delhi. A large-scale phishing campaign known as “Account Dumpling” has targeted nearly 30,000 Facebook accounts worldwide by misusing Google AppSheet’s email system to send fraudulent messages. According to a report by cybersecurity firm Guardio, researcher Shaked Chen found that attackers used trusted digital infrastructure to make fake account warnings appear credible and bypass security filters.
Google AppSheet Misused to Send Fake Alerts
The attackers allegedly used Google AppSheet’s official email system to send phishing messages that appeared genuine. By routing emails through a trusted platform, the campaign was able to evade spam filters and increase the likelihood of victims trusting the communication.
FCRF Academy Launches Premier Anti-Money Laundering Certification Program
The messages impersonated Meta’s support team and warned users that their Facebook accounts could be permanently deleted. Under pressure, victims were directed to malicious links where they unknowingly shared login credentials, giving attackers access to their accounts.
Fake Pages and Verification Traps Used
The operation used several phishing techniques to extract user data. Fake Facebook Help Center pages were created to collect personal details such as date of birth, phone numbers and identity documents.
Attackers also used fraudulent “security check” and “blue badge verification” pages with fake CAPTCHA systems to trick users into revealing two-factor authentication codes. Phishing documents created through Google Drive and Canva were also used to seek passwords and screenshots under the pretext of account verification.
Stolen Data Sold Through Telegram Channels
Investigations found that stolen Facebook accounts and sensitive user data were later sold through Telegram channels. The compromised data is believed to have been used for further cyber fraud, identity theft and other illegal online activities.
The campaign affected users in India, the United States, Italy, Canada and Australia, indicating a global spread. Cyber investigators found indications linking the operation to Vietnam, including metadata from Canva documents that revealed the name “PHẠM TÀI TÂN.” Further tracing connected the same name to a digital marketing website.
Cybersecurity experts said the case shows how attackers are increasingly abusing trusted platforms to make phishing attempts appear legitimate. They advised users to remain cautious with account-warning emails, verify links before clicking, use strong passwords and enable two-factor authentication.
