This dangerous new phishing scam spoofs a top Google program to try and hack Facebook accounts
Date:
Mon, 26 May 2025 21:27:00 +0000
Description:
The phishing emails are seemingly coming from a legitimate source, but are sharing a malicious landing page.
FULL STORY
======================================================================
- KnowBe4 is warning of a new phishing campaign leveraging Google AppSheet's workflow automation
- The emails are spoofing Facebook and harvesting login credentials
- The attackers can grab session tokens, as well
Cybercriminals are abusing a legitimate Google service to bypass email protection mechanisms and deliver phishing emails straight to people's inboxes.
Cybersecurity researchers KnowBe4, who first spotted the attacks, have warned the crooks are using Google AppSheet, a no-code application development platform for mobile and web apps, and through its workflow automation were able to send emails using the "[email protected]" address.
The phishing emails are mimicking Facebook, and are designed to trick people into giving away their login credentials, and 2FA codes, for the social media platform.
2FA codes and session tokens
The emails, which were sent in bulk and on a fairly large scale, were coming from a legitimate source, successfully bypassing Microsoft and Secure Email Gateways (SEGs) that rely on domain reputation and authentication checks (SPF, DKIM, DMARC).
Furthermore, since AppSheet can generate unique IDs, each email was slightly different, which also helped bypass traditional detection systems.
The emails themselves spoofed Facebook. The crooks tried to trick victims into thinking they infringed on someone's intellectual property, and that their accounts were due to be deleted within 24 hours.
Unless, of course, they submit an appeal through a conveniently placed "Submit an Appeal" button in the email.
Clicking on the button leads the victim to a landing page impersonating Facebook, where they can provide their login credentials and 2FA codes, which are then relayed to the attackers.
The page is hosted on Vercel which, KnowBe4 says, is a reputable platform known for hosting modern web applications. This further strengthens the entire campaign's credibility.
The attack has a few additional contingencies. The first attempt at logging in returns a "wrong password" result, not because the victim typed in the wrong credential, but in order to confirm the submission.
Also, the 2FA codes that are provided are immediately submitted to Facebook and, in return, the crooks grab a session token which grants them persistence even after a password change.
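Because these messages pass SPF, DKIM and DMARC, a filter has to judge what the message claims rather than who relayed it. The following is an added example, not code from the article or from KnowBe4: it flags mail whose display name or text invokes a brand while the authenticated sender and the link host belong to someone else. The sample message, every ".example" domain, the BRANDS table and the two-signal threshold are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: every address, domain and ID below is a placeholder.
SAMPLE = """\
From: "Facebook Support" <noreply@nocode-platform.example>
Subject: Your account will be deleted within 24 hours
Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass

Case 7f3a-91c2: you infringed on someone's intellectual property.
Submit an Appeal: https://appeal-form.hosting.example/case/7f3a-91c2
"""

# Assumed, locally maintained policy: brand keyword -> domains it really mails from.
BRANDS = {"facebook": {"facebook.com", "facebookmail.com", "meta.com"}}
URGENCY = re.compile(r"within 24 hours|will be deleted|submit an appeal", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+")

def registrable(host):
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def auth_passed(msg):
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return all(f"{mech}=pass" in results for mech in ("spf", "dkim", "dmarc"))

def evaluate(raw):
    """Score content signals independently of SPF/DKIM/DMARC results."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = registrable(addr.rpartition("@")[2])
    body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    text = f"{name} {msg.get('Subject', '')} {body}".lower()
    reasons = []
    for brand, domains in BRANDS.items():
        if brand in text and sender not in domains:
            reasons.append(f"brand-mismatch:{brand}")
            links = {registrable(urlparse(u).hostname or "") for u in URL.findall(body)}
            if links - domains:
                reasons.append("off-brand-link")
    if URGENCY.search(text):
        reasons.append("urgency")
    mismatch = any(r.startswith("brand-mismatch") for r in reasons)
    verdict = "quarantine" if mismatch and len(reasons) >= 2 else "deliver"
    return {"auth_pass": auth_passed(msg), "reasons": reasons, "verdict": verdict}

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

The per-message case ID in the sample does not affect the verdict, which is why content-relationship checks of this kind hold up against the unique-ID variation described above.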
======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-dangerous-new-phishing-scam-spoofs-a-top-google-program-to-try-and-hack-facebook-accounts
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)