Vietnamese Phishing Operation AccountDumpling Compromises 30,000 Facebook Accounts
These articles are AI-generated summaries. Please check the original sources for full details.
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
The Vietnamese-linked AccountDumpling operation uses Google AppSheet as a phishing relay to bypass standard email security filters. The campaign has compromised approximately 30,000 Facebook accounts through Meta-themed social engineering, and the stolen accounts are resold through illicit storefronts.
Why This Matters
This operation highlights the technical reality where attackers repurpose trusted SaaS platforms like Google AppSheet, Netlify, and Vercel to host and deliver malicious content. While security models often trust these domains implicitly, threat actors exploit this reputation to deliver phishing emails that bypass standard spam filters, reaching high-value targets like Facebook Business owners. The failure of traditional reputation-based filtering at this scale demonstrates a critical gap in automated threat detection for legitimate cloud services.
Key Insights
- Guardio identified the AccountDumpling operation in 2026, linking it to a Vietnam-based storefront selling stolen assets.
- Threat actors used the AppSheet address [email protected] to bypass spam filters, a tactic also reported by KnowBe4 in 2025.
- Data exfiltration is handled via Telegram channels, which currently hold records for 30,000 victims across the U.S., Italy, and Canada.
- Attackers utilize browser-side rendering tools like html2canvas to capture browser screenshots and sensitive 2FA codes for real-time account takeover.
- Metadata analysis of PDFs generated via Canva identified the author as PHẠM TÀI TÂN, associated with a Vietnamese digital marketing domain.
Practical Applications
- Use Case: Organizations monitoring for [email protected] emails to identify potential Meta-themed phishing lures targeting business administrators.
- Pitfall: Implicitly trusting emails from reputable SaaS domains like Google AppSheet, which allows malicious relays to bypass traditional security gateways.
- Use Case: Security teams implementing CAPTCHA-aware detection for Vercel-hosted Security Check pages used in credential harvesting.
- Pitfall: Relying solely on 2FA as a defense, as this campaign successfully captures 2FA codes and browser screenshots in real time via html2canvas.
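The first use case and pitfall above can be combined into one triage rule that treats a trusted SaaS sender as a signal to correlate, not a reason to trust. The sketch below is an added example, not code from Guardio or the original article; the relay domain `saas-relay.example`, the lure vocabulary, the thresholds and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: placeholder for the SaaS relay's sender domain; take the real value from your mail logs.
RELAY_DOMAINS = {"saas-relay.example"}
# Public app domains of the hosting platforms the article names (Netlify, Vercel).
HOSTING_SUFFIXES = (".netlify.app", ".vercel.app")
# Assumption: illustrative brand and lure vocabulary for Meta-themed mail.
BRAND = re.compile(r"\b(meta|facebook)\b", re.I)
LURE = re.compile(r"\b(appeal|violation|suspended|verify|security check)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw: str) -> dict:
    """Score one RFC 5322 message; sender reputation never lowers the score."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg.get('Subject', '')}\n{part.get_content() if part else ''}"
    hosts = {(urlparse(u).hostname or "").lower() for u in URL.findall(text)}
    reasons = []
    if sender in RELAY_DOMAINS:
        reasons.append("saas_relay_sender")
    if BRAND.search(text) and LURE.search(text):
        reasons.append("meta_themed_lure")
    hosted = sorted(h for h in hosts if h.endswith(HOSTING_SUFFIXES))
    if hosted:
        reasons.append("link_to_free_hosting")
    # Assumed thresholds: all three signals quarantine, relay plus one other goes to review.
    if len(reasons) == 3:
        verdict = "quarantine"
    elif "saas_relay_sender" in reasons and len(reasons) == 2:
        verdict = "review"
    else:
        verdict = "pass"
    return {"verdict": verdict, "reasons": reasons, "hosted_links": hosted}

# Constructed sample messages (not real campaign mail).
LURE_MAIL = (
    "From: Notifications <noreply@saas-relay.example>\n"
    "Subject: Meta Business Support: policy violation appeal\n\n"
    "Your page will be suspended. Complete the security check:\n"
    "https://security-check-123.vercel.app/verify\n"
)
BENIGN_MAIL = (
    "From: Notifications <noreply@saas-relay.example>\n"
    "Subject: Your inventory app report is ready\n\n"
    "Open the report: https://reports.saas-relay.example/r/42\n"
)
```

Routine notifications from the same relay still pass, so the rule isolates the combination the campaign depends on without blocking the platform outright.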