
Why 30,000 People Fell for a Phishing Scam That Looked Like Google
A sophisticated phishing operation stole 30,000 Facebook accounts by hiding behind Google's trusted name. Here's what families need to know.
Source
GetCyberRight Intelligence
Original headline: Google AppSheet Phishing Campaign Myth
Plain-English summary by GetCyberRight. Read the full report at the source above.
When Trusted Names Hide Dangerous Traps
A Vietnamese cybercriminal operation recently stole more than 30,000 Facebook accounts using a technique that bypassed most people's defenses. They did this by routing their phishing attacks through Google AppSheet, a legitimate Google service. The stolen accounts were then sold on underground marketplaces, putting thousands of families at risk.
The Details
Here's what made this attack so effective: the criminals didn't send emails from suspicious addresses. Instead, they used Google AppSheet, a real tool that businesses use to build simple applications. When victims received phishing messages, the links appeared to come from Google's own domain. Email security systems flagged nothing unusual because technically, the messages were coming from Google.
When people clicked these links, they landed on pages that looked like Facebook login screens. Because the initial link came from a trusted Google domain, victims felt safe entering their usernames and passwords. The fake pages captured this information and sent it directly to the attackers.
The operation ran long enough to compromise 30,000 accounts before being discovered. Those accounts were then packaged and sold to other criminals who used them for everything from spreading more scams to impersonating real people. The victims often had no idea their accounts were compromised until friends reported strange messages or posts.
Who Is Affected
This threat impacts anyone with a Facebook account, but certain groups face higher risk. Parents managing family photos and communication through Facebook should be especially alert. Seniors who trust familiar brand names like Google are particularly vulnerable to this tactic.
Small business owners who use Facebook for customer outreach are also prime targets. A compromised business account can damage your reputation and expose your customers to follow-up scams. If you've ever clicked a link that asked you to re-enter your Facebook login, you need to read the next section carefully.
What You Should Do Right Now
Check your Facebook account activity right now. Go to Settings > Security and Login > Where You're Logged In. If you see unfamiliar locations or devices, log them out immediately and change your password.
Enable two-factor authentication on Facebook today. Go to Settings > Security and Login > Two-Factor Authentication. Choose either text message codes or an authentication app. This stops attackers even if they have your password.
Never enter your password after clicking an email link. Instead, type facebook.com directly into your browser. If you really need to log in, go there yourself rather than trusting any link.
Review apps connected to your Facebook account. Go to Settings > Apps and Websites. Remove anything you don't recognize or no longer use. Criminals often use these connections to maintain access.
Talk to family members about this specific threat. Show them this article. Explain that even links from Google or other trusted companies can be dangerous.
The Bigger Picture
This attack represents a troubling evolution in phishing tactics. Criminals are no longer just pretending to be trusted companies. They're actively using trusted services as weapons against us. Traditional advice like "check the sender's email address" no longer protects you when the sender actually is Google. Staying safe now requires understanding that legitimate tools can be misused, and verification must happen at multiple steps.
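The point above, that a trusted sender is not enough and checking has to happen at more than one step, can be sketched as a small mismatch heuristic. This is an added example, not code from GetCyberRight or its Scam Guard tool; the brand-to-domain table, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Brand keyword -> domains the brand itself uses (illustrative, not exhaustive).
BRAND_DOMAINS = {
    "facebook": {"facebook.com", "fb.com", "meta.com", "facebookmail.com"},
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def claimed_brands(text):
    """Brands the message talks about, found by whole-word keyword match."""
    lowered = text.lower()
    return [b for b in BRAND_DOMAINS if re.search(rf"\b{re.escape(b)}\b", lowered)]


def assess_message(sender_domain, body):
    """Return findings; a reputable sender never clears a message by itself."""
    findings = []
    hosts = [urlsplit(u).hostname for u in URL_RE.findall(body)]
    for brand in claimed_brands(body):
        official = BRAND_DOMAINS[brand]
        if not any(under(sender_domain, d) for d in official):
            findings.append(f"sender {sender_domain} is not {brand}")
        for host in hosts:
            if not any(under(host, d) for d in official):
                findings.append(f"link host {host} is not {brand}")
    return findings


# Constructed samples: the .example domains are placeholders, not real indicators.
PHISH = ("Your Facebook page violates our policy. Confirm your login at "
         "https://apps.trusted-platform.example/start/review within 24 hours.")
LOOKALIKE = "Facebook security alert: https://facebook.com.account-check.example/login"
GENUINE = "Facebook: review recent logins at https://www.facebook.com/settings"

if __name__ == "__main__":
    for sender, body in [("trusted-platform.example", PHISH),
                         ("trusted-platform.example", LOOKALIKE),
                         ("facebookmail.com", GENUINE)]:
        print(sender, "->", assess_message(sender, body) or "no mismatch")
```

The check compares who the message claims to be about with where its links actually go, so a message relayed through a well-known platform is still flagged when the login link is not on the brand's own domain.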
How GetCyberRight Can Help
Our GCR Scam Guard tool was designed exactly for threats like this. It analyzes links even when they come from trusted domains like Google, checking where they ultimately lead and what they're really asking for. Scam Guard looks beyond the domain name to identify phishing attempts hiding behind legitimate services. It's the extra layer of protection families need when traditional security advice isn't enough.
Curated from trusted cybersecurity sources by GetCyberRight