A sophisticated phishing operation has exploited Google’s infrastructure to hijack over 30,000 Facebook accounts globally. The operation, named AccountDumpling, is linked to Vietnamese threat actors and employs advanced techniques to bypass security measures.
The phishing campaign abuses Google AppSheet to send authenticated malicious emails. Victims receive emails from the legitimate address ‘[email protected]’. The emails lure victims with offers of a ‘free Facebook blue badge’, a tactic that has proven effective in deceiving users.
Approximately 68.6% of the victims are from the United States. The attackers utilize different clusters—about 30—to target various types of victims. They employ social engineering tactics to trick users into providing personal information.
The stolen data is sent to Telegram bots operated by users with aliases ‘Big Bosss’ and ‘@mansinblack’. This operation also includes fake job recruitment for well-known brands like Adobe and Coca-Cola.
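The phishing emails pass standard email authentication checks such as SPF, DKIM, and DMARC, because they are sent through Google AppSheet rather than from a spoofed domain. These checks confirm only that a message came from the domain it claims, not that its content is trustworthy. This sophisticated approach highlights a gap in existing security measures that treat authenticated mail as safe.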
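Because sender authentication passes, detection has to compare who sent the message with which brand it talks about. The following triage sketch is an added example, not code from Guardio Labs or the original report; the sender domain `appsheet.example`, the receiving host `mx.example.net`, the term lists and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (hypothetical values, tune for your own mail flow):
SHARED_PLATFORMS = {"appsheet.example"}  # constructed stand-in for an app-platform sender
BRAND_DOMAINS = {"facebook": {"facebook.com", "facebookmail.com", "meta.com"}}
LURE_TERMS = ("blue badge", "verified badge")

def auth_results(msg):
    """Parse spf/dkim/dmarc verdicts; only trust headers stamped by your own MTA."""
    found = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            found.setdefault(method.lower(), result.lower())  # first header wins
    return found

def triage(raw):
    """Return findings for one single-part text message (RFC 5322 source)."""
    msg = message_from_string(raw)
    auth = auth_results(msg)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    text = (msg.get("Subject", "") + "\n" + str(msg.get_payload())).lower()
    # A brand named in the text but not matching the sender domain is the core signal.
    findings = [f"brand_mismatch:{b}" for b, doms in BRAND_DOMAINS.items()
                if b in text and sender_domain not in doms]
    if findings and all(auth.get(m) == "pass" for m in ("spf", "dkim", "dmarc")):
        findings.append("authenticated_but_mismatched")  # auth pass is not a trust signal
    if findings and sender_domain in SHARED_PLATFORMS:
        findings.append("shared_platform_sender")
    if findings and any(term in text for term in LURE_TERMS):
        findings.append("badge_lure")
    return findings

# Constructed sample messages, not real captures.
LURE = """\
Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass
From: Support <noreply@appsheet.example>
Subject: Claim your free Facebook blue badge

Your page qualifies for a free Facebook blue badge. Confirm your details.
"""
LEGIT = """\
Authentication-Results: mx.example.net; spf=pass; dkim=pass; dmarc=pass
From: Facebook <notification@facebookmail.com>
Subject: New login to your Facebook account

We noticed a new login to your Facebook account.
"""
```

The sender comparison is an exact domain match, so subdomains of a brand's domains would need to be listed or handled separately.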
Guardio Labs reported the operation’s extensive reach and its implications for user safety on social media platforms. Pham Tai Tan, a researcher at Guardio Labs, emphasized that this attack underscores the importance of vigilance against phishing schemes.
Lerrin Johnson from Meta stated that no wolves are being released in Texas, which was a separate issue raised in a viral Facebook post unrelated to the phishing attack. The real story was considerably less dramatic than the rumors circulating online.
This incident raises significant concerns about the effectiveness of current security protocols in protecting users from such advanced phishing operations. Meta has not disclosed specific measures it will implement to counteract these threats moving forward.