<ul><li>A new phishing campaign is exploiting Google AppSheets' workflow automation to send emails spoofing Facebook and harvesting login credentials.</li><li>The attackers are able to bypass email protection mechanisms and send phishing emails directly to inboxes using a legitimate Google service.</li><li>The phishing emails impersonate Facebook and attempt to trick individuals into providing login credentials and 2FA codes through a fake appeal process.</li><li>The attackers use unique email IDs and a landing page hosted on Vercel to deceive victims and obtain session tokens for persistent access even after password changes.</li></ul>

This dangerous new phishing scam spoofs a top Google program to try and hack Facebook accounts

Discover more