Laptop screen showing a fake Meta Support email sent through Google AppSheet, leading to a phishing page used to steal thousands of Facebook accounts.

Cybersecurity researchers uncovered a large phishing operation that allegedly hijacked around 30,000 Facebook accounts using Google AppSheet emails to bypass spam filters. The campaign targeted Facebook Business users with fake Meta Support warnings claiming accounts would be deleted unless they submitted an urgent appeal.

Laptop screen showing a fake Meta Support email sent through Google AppSheet, leading to a phishing page used to steal thousands of Facebook accounts.Laptop screen showing a fake Meta Support email sent through Google AppSheet, leading to a phishing page used to steal thousands of Facebook accounts.

Victims were redirected to counterfeit Meta login pages designed to steal passwords, business details, and two-factor authentication codes. Researchers said attackers also used Netlify, Vercel, Google Drive, and fake job offers impersonating brands like Meta, Adobe, Apple, and Coca-Cola to trick users into handing over account access.

Most victims were reportedly located in the U.S., India, Canada, Italy, and several other countries. Experts advise users to verify all Meta emails carefully, avoid clicking urgent login links, enable strong 2FA, and only access Facebook Business accounts through official websites.


NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, FraudProtector.net