New Meta Support Email Scam Targets Facebook Business Users

New Facebook Phishing Scam Uses Fake Meta Support and Blue Badge to Hack 30,000 Accounts
A new wave of Facebook phishing attacks is making headlines after reportedly compromising around 30,000 accounts, with attackers using highly convincing tactics involving fake Meta Support messages and blue badge offers.
How the Attack Works
According to reports, the campaign has been linked to threat actors believed to originate from Vietnam and has been dubbed “AccountDumpling” by cybersecurity firm Guardio.
The attack typically begins with an email pretending to be from Meta Support, warning users that their account is at risk of suspension unless they take immediate action.
What makes this campaign especially dangerous is that the emails are sent through Google AppSheet using the address noreply@appsheet.com, making them appear legitimate and more likely to bypass spam filters.
Fake Websites That Look Real
Once victims click the link, they are redirected to fake websites designed to closely mimic official Meta pages, such as:
- Facebook Help Center clones
- Security verification pages
- Fake blue badge application forms
These pages ask users to input:
- Login credentials
- Business account details
- Two-factor authentication codes
- Personal information
Some versions even include fake CAPTCHA systems to make the process feel more authentic.
Multiple Attack Variations
The campaign is not limited to a single method. Researchers found multiple variations, including:
- Fake Help Center pages hosted on Netlify
- Blue badge scams deployed via Vercel
- PDF files on Google Drive posing as verification steps
- Fake job offers impersonating major brands like WhatsApp, Meta, Adobe, Apple, and Coca-Cola
This multi-channel approach significantly increases the chances of success.
What Happens After Your Account Is Stolen
Once attackers gain access, the stolen data is:
- Sent through Telegram channels
- Sold on underground marketplaces
For Facebook Business accounts, the damage can be severe, as these accounts often include:
- Advertising history
- Connected pages
- Payment methods
- Brand credibility
This makes them highly valuable targets for cybercriminals.

How to Protect Yourself
To stay safe, users should take extra precautions:
- Avoid clicking links in urgent or threatening emails
- Always access Facebook or Meta services directly through official apps or websites
- Enable two-factor authentication (2FA)
- Regularly review page roles and admin access
Even if an email looks legitimate, it’s safer to verify notifications manually through official channels.
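For mail administrators, the traits reported above (the noreply@appsheet.com sender, Meta branding, and links to Netlify, Vercel or Google Drive) can be combined into a simple triage check. The Python below is an added example, not code from the original article or from Guardio's research. The allowlist of Meta domains, the hosting suffixes netlify.app, vercel.app and drive.google.com, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumed for this example: domains treated as official Meta properties.
META_DOMAINS = ("facebook.com", "meta.com", "fb.com", "instagram.com")
# Sender address named in the article.
RELAY_SENDER = "noreply@appsheet.com"
# Assumed default suffixes of the hosting platforms the article names.
FREE_HOSTS = ("netlify.app", "vercel.app", "drive.google.com")
BRAND_RE = re.compile(r"\b(meta|facebook)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)


def _under(host, domains):
    """True if host equals, or is a subdomain of, any listed domain."""
    return any(host == d or host.endswith("." + d) for d in domains)


def triage(raw):
    """Return the reasons a raw message matches the reported lure pattern."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = "".join(str(p.get_payload()) for p in msg.walk()
                   if not p.is_multipart())
    claims_meta = bool(BRAND_RE.search(display + " " + msg.get("Subject", "")))
    sender_domain = addr.rpartition("@")[2].lower()
    reasons = []
    if claims_meta and not _under(sender_domain, META_DOMAINS):
        reasons.append("brand-mismatch:" + sender_domain)
    if addr.lower() == RELAY_SENDER:
        reasons.append("appsheet-relay")
    for url in URL_RE.findall(body):
        host = (urlsplit(url).hostname or "").lower()
        if _under(host, FREE_HOSTS):
            reasons.append("free-hosting-link:" + host)
        elif claims_meta and not _under(host, META_DOMAINS):
            reasons.append("off-brand-link:" + host)
    return reasons


# Constructed sample message (not a captured email).
SAMPLE = """From: Meta Support <noreply@appsheet.com>
Subject: Your Facebook page is scheduled for suspension

Confirm your account within 24 hours:
https://help-center-example.netlify.app/verify
"""
```

An empty list means none of the traits matched. Any non-empty result is a reason to quarantine the message for review rather than proof of phishing, since AppSheet and these hosting platforms also carry legitimate traffic.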
Phishing Is Getting Smarter
This incident highlights how phishing attacks are evolving. It’s no longer just about fake messages. Attackers are now leveraging trusted platforms and services to make scams more believable than ever.
Staying cautious and verifying every request is the best defense in today’s increasingly sophisticated digital landscape.
Origin: The Hacker News





