Cybercriminals Exploit Legitimate Google AppSheet, Netlify, and Telegram Services for Credential Theft

By MRAdmin

The phishing scheme leverages trusted platforms like Google AppSheet and Netlify to host credential harvesting pages, with stolen data sent to attackers via Telegram bots.

How the Phishing Campaign Operates

Attackers have launched a sophisticated phishing campaign targeting Facebook users by exploiting trusted third-party services. The operation uses Google AppSheet to create seemingly legitimate landing pages and Netlify to host the phishing infrastructure, which helps bypass security filters that often flag suspicious domains. Once victims land on these pages, they are prompted to enter their Facebook login credentials.

The stolen data is exfiltrated through Telegram bots, a tactic that allows attackers to receive credentials in real time while avoiding detection by traditional email security tools. By chaining these free or widely used platforms, the attackers can evade URL scanning and make their malicious pages appear more trustworthy to potential victims.
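One way to hunt for this chain in web proxy logs is sketched below as an added example (not code from the original article or its source). It flags a client that calls the Telegram Bot API shortly after loading, or with a referer from, a page on the two hosting services. The log format, the 10-minute window, the `netlify.app` and `appsheet.com` suffixes, and the premise that the phishing page posts to Telegram from the victim's browser (so the request is visible to a TLS-inspecting proxy) are assumptions; the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample proxy log: timestamp, client, method, URL, referer.
SAMPLE_LOG = """\
2025-01-10T09:00:01Z 10.0.0.5 GET https://www.appsheet.com/start/example-app -
2025-01-10T09:00:04Z 10.0.0.5 GET https://example-login.netlify.app/ https://www.appsheet.com/
2025-01-10T09:00:40Z 10.0.0.5 POST https://api.telegram.org/botPLACEHOLDER_TOKEN/sendMessage https://example-login.netlify.app/
2025-01-10T09:05:00Z 10.0.0.7 GET https://docs-site.netlify.app/guide -
2025-01-10T11:30:00Z 10.0.0.9 POST https://api.telegram.org/botPLACEHOLDER_TOKEN/sendMessage -
"""

# Assumed hosting domains for the two services named in the article.
HOSTED_SUFFIXES = (".netlify.app", ".appsheet.com")
# Telegram Bot API calls that deliver a message or file to a bot's chat.
TELEGRAM_BOT = re.compile(r"^/bot[^/]+/(sendMessage|sendDocument)$")
WINDOW = timedelta(minutes=10)  # assumed correlation window

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def is_hosted_page(url):
    host = host_of(url)
    return any(host.endswith(s) or host == s[1:] for s in HOSTED_SUFFIXES)

def find_exfil(log_text):
    """Return alerts for Bot API calls tied to a hosted page by referer or timing."""
    last_hosted, alerts = {}, []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, client, _method, url, referer = parts
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        if is_hosted_page(url):
            last_hosted[client] = (when, url)
            continue
        if host_of(url) != "api.telegram.org" or not TELEGRAM_BOT.match(urlsplit(url).path):
            continue
        seen = last_hosted.get(client)
        recent = seen is not None and when - seen[0] <= WINDOW
        page = referer if is_hosted_page(referer) else (seen[1] if recent else None)
        if page:  # a Bot API call with no hosted-page context is not flagged
            alerts.append({"client": client, "time": ts, "page": page})
    return alerts

if __name__ == "__main__":
    for alert in find_exfil(SAMPLE_LOG):
        print(alert)
```

The lone Bot API call from 10.0.0.9 is left unflagged because nothing links it to a hosted page, which keeps legitimate bot integrations out of the results.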

Impact and Scope

This campaign targets a broad set of Facebook users, aiming to harvest credentials for account takeover, fraud, or further phishing attacks. The abuse of legitimate services like Google AppSheet and Netlify makes detection harder for security systems that assume such platforms are safe. Users who reuse passwords across multiple accounts face heightened risk of cascading breaches.

No specific CVEs are linked to this campaign, as it relies on social engineering and the misuse of standard service features rather than software vulnerabilities. However, the technique highlights the growing trend of attackers exploiting the trust placed in popular web platforms. Users are advised to enable two-factor authentication on Facebook and verify the legitimacy of any page requesting login information.

Source: Cyber Security News
