Scammers Exploit Google AppSheet to Fake Meta and PayPal Identities

Scammers observed using Google’s AppSheet to impersonate Meta and PayPal

A newly emerged phishing campaign is capable of bypassing defences to steal MFA codes and credentials.

Researchers at identity security firm KnowBe4’s Threat Labs have observed a highly advanced phishing campaign using Google’s AppSheet development platform to impersonate Meta and PayPal.

First observed in March, the campaign appears to have peaked on April 20, when more than ten per cent of all global phishing emails identified and stopped by KnowBe4 were sent from AppSheet.

The vast majority, 98.2 per cent, impersonated Facebook’s parent company, while the rest impersonated PayPal.

The scammers are taking advantage of AppSheet’s workflow automation to send massive amounts of phishing emails, and since they come from a legitimate address – [email protected] – they can bypass Microsoft’s protection and Secure Email Gateways that use reputation checks.

“In addition to leveraging a legitimate domain, this campaign also impersonated Meta (Facebook), using forged branding and urgent language – such as warnings about account deletion – to pressure recipients into taking immediate action,” KnowBe4 said.

“The use of a trusted brand like Meta helps lower suspicion and increase user engagement, making the phishing emails and the subsequent credential harvesting site appear more credible.”

The emails appear to be from the Facebook support team and even feature unique Case IDs created by AppSheet. In addition, the campaign utilises unique polymorphic identifiers in each email to make subtle changes to its contents, another trick to bypass detection systems that rely upon known malicious URLs and other static indicators. This poses a challenge for IT teams and makes remediation difficult.

The emails feature links that appear to lead to an online appeals form, which again looks legitimate, complete with Meta logos and branding. This page says the victim’s Facebook account is at risk of deletion to pressure them into giving away personal information and credentials.
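As an added illustration (not code from KnowBe4 or the original article): because the sender passes reputation checks and the identifiers change per message, a filter can instead compare the brand a message claims to be with the domain that sent it and the hosts it links to. The sender domain `automation-platform.example`, the brand domain lists and the sample messages are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: placeholder sender domain (the article's copy of the address is redacted).
PLATFORM_DOMAINS = {"automation-platform.example"}
# Brand -> (keywords that claim the brand, domains the brand really uses).
BRANDS = {
    "Meta": (("facebook", "meta"), {"facebook.com", "meta.com", "facebookmail.com"}),
    "PayPal": (("paypal",), {"paypal.com"}),
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def in_domains(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def analyse(raw):
    """Return reasons a message looks like brand impersonation ([] if none)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    body = "\n".join(p.get_payload(decode=True).decode("utf-8", "replace")
                     for p in msg.walk() if p.get_content_maintype() == "text")
    claims = f"{display} {msg.get('Subject', '')} {body}".lower()
    reasons = []
    for brand, (keywords, domains) in BRANDS.items():
        if not any(re.search(rf"\b{k}\b", claims) for k in keywords):
            continue
        if not in_domains(sender, domains):
            via = " (automation platform)" if in_domains(sender, PLATFORM_DOMAINS) else ""
            reasons.append(f"{brand} notice sent from {sender}{via}")
        hosts = {urlparse(u).hostname for u in URL_RE.findall(body)}
        for host in sorted(h for h in hosts if h and not in_domains(h, domains)):
            reasons.append(f"{brand} notice links to {host}")
    return reasons

# Constructed samples: same lure, different per-message case ID and link host.
def sample(case_id, host):
    return (f"From: Facebook Support <noreply@automation-platform.example>\n"
            f"Subject: Case {case_id}: your account is scheduled for deletion\n\n"
            f"Submit an appeal: https://{host}/appeal?id={case_id}\n")

if __name__ == "__main__":
    for s in (sample("A1B2", "appeal-7f3.example.net"), sample("Z9Y8", "help-c41.example.org")):
        print(analyse(s))
```

Both samples are flagged for the same reason even though their case IDs and link hosts differ, while ordinary mail from the same platform that claims no brand returns no reasons.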

The phishing site also operates as a man-in-the-middle proxy, sending login and MFA codes to a legitimate Facebook site and then hijacking that session to obtain a valid session token in order to bypass two-factor authentication and gain access to the victim’s account.

“The exploitation of AppSheet is part of a broader trend of using legitimate services to bypass traditional email security detections; a pattern our Threat Labs team has observed in recent analyses of other services like Microsoft, Google, QuickBooks, and Telegram,” KnowBe4 said.

“This tactic, in combination with sophisticated impersonation, man-in-the-middle techniques and social engineering makes this campaign highly advanced and engineered to bypass detection technologies used in Microsoft 365 and SEGs.”

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
