Thousands of Facebook accounts stolen by phishing emails sent through Google

Verdict: Suspicious | Risk Score: 9/10 | Severity: critical

Category: phishing

How the Facebook Phishing Campaign Sent Through Google AppSheet Works

Cybercriminals are actively compromising Facebook accounts by sending sophisticated phishing emails. These emails bypass security measures by utilizing Google AppSheet, tricking users into revealing their login credentials.

How This Scam Works — Detailed Explanation

Cybercriminals have increasingly turned to advanced tactics to carry out phishing scams, and one of the latest methods involves compromising thousands of Facebook accounts through seemingly innocuous phishing emails sent via Google AppSheet. Scammers typically gather information about potential victims by scouring social media platforms and public forums, identifying individuals who are likely to be active on Facebook. They create highly personalized email campaigns that may appear to come from legitimate services, enticing users to click on malicious links. Sending the emails through Google's trusted AppSheet service aids this deception: it masks the true intent, makes the email look credible, and increases the chances of user engagement.

In crafting these phishing emails, scammers employ psychological tricks designed to instill a sense of urgency or fear in the victims. For instance, the email might state that there has been suspicious activity on the victim's Facebook account, urging them to verify their identity urgently. This tactic plays on the victim's concern for security and encourages them to act quickly, often without fully verifying the legitimacy of the request. Elements like familiar logos, customized greetings, and official-sounding language further deceive unsuspecting recipients, leading them to believe they are communicating with Facebook or another trusted entity.

Once the victim engages with the phishing email by clicking on a link, they are redirected to a fraudulent login page that closely resembles the actual Facebook login interface. When they enter their credentials, these details are captured by the scammers. In some recent cases reported in India, victims lost control of their accounts, which were subsequently used to send spam to their friends or commit further scams. Moreover, if these accounts are linked with online banking apps like UPI or personal information like Aadhaar, the consequences can be severe. Victims reported unauthorized transfers via UPI, leading to substantial financial losses, and their identities being compromised.

According to the latest data, phishing scams, including those targeting Facebook accounts, have resulted in massive financial ramifications across India. It is estimated that ₹250 crore has been lost to cyber scams involving social media accounts over recent years. The Ministry of Home Affairs (MHA), the Reserve Bank of India (RBI), and CERT-In have all issued multiple advisories warning users to be cautious. Victims are encouraged to report these incidents promptly, as statistics indicate that immediate reporting can sometimes assist in recovering lost funds or preventing further exploitation of compromised accounts.

To distinguish between these scams and legitimate communications, users should be vigilant about email addresses and links. Genuine communications from Facebook would use official domains and not shortened or obscure URLs. Moreover, any email requesting sensitive information, especially under the guise of urgency, should raise red flags for users. In India, being aware of these indicators can serve as a strong defense against falling victim to such malicious schemes.
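The sender and link checks described above can be automated. The following is an added example, not code from BharatSecure or Facebook: it flags a message that claims to be from Facebook while its sender address or link hosts fall outside an official-domain list, and also notes the urgency wording discussed earlier. The domain list, the patterns and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: illustrative, non-exhaustive list of domains Facebook/Meta uses.
OFFICIAL = {"facebook.com", "facebookmail.com", "meta.com", "fb.com"}
BRAND = re.compile(r"\b(facebook|meta)\b", re.I)
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|suspicious activity|verify your identity)\b", re.I)
URL = re.compile(r"https?://[^\s<>()]+", re.I)

def is_official(host):
    """True only for an official domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def red_flags(raw):
    """Return the red flags found in one raw message (un-encoded text parts)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if not p.is_multipart() and p.get_content_maintype() == "text")
    text = f"{display} {msg.get('Subject', '')} {body}"
    claims_brand = bool(BRAND.search(text))
    flags = []
    # Display name or text says Facebook, but the address is not Facebook's.
    if claims_brand and not is_official(addr.rpartition("@")[2]):
        flags.append("brand_sender_mismatch")
    # Compare the real host of each link, so "facebook.com.<other>" fails.
    hosts = {urlparse(u).hostname or "" for u in URL.findall(body)}
    off = sorted(h for h in hosts if not is_official(h))
    if claims_brand and off:
        flags.append("link_off_brand:" + ",".join(off))
    if URGENCY.search(text):
        flags.append("urgency_language")
    return flags
# Constructed samples; addresses and hosts are placeholders, not real indicators.
PHISH = """\
From: Facebook Support <notifications@app-platform.example>
Subject: Suspicious activity on your Facebook account

Verify your identity immediately: https://facebook.com.login-check.example/verify
"""
LEGIT = """\
From: Facebook <security@facebookmail.com>
Subject: Login alert

You logged in from a new device. Review: https://www.facebook.com/settings
"""
```

The check compares who a message claims to be with where it was sent from and where it links, so it still fires when the mail is delivered through a trusted third-party platform.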

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does This Scam Target?

General public across India

Red Flags — How to Identify This Scam

  • Facebook
  • phishing
  • Google AppSheet
  • account takeover
  • email scam

What To Do If You Encounter This Scam

  1. Report phishing attempts immediately to the helpline at 1930 or visit cybercrime.gov.in.
  2. Change your Facebook password immediately if you suspect a phishing attempt.
  3. Enable two-factor authentication on your Facebook account for added security.
  4. Monitor your bank accounts for any suspicious transactions, and notify your bank if you notice anything unusual.
  5. Educate family and friends about phishing scams to build awareness and prevent similar incidents.

How to Report This Scam in India

  • Call 1930 — National Cyber Crime Helpline (24x7)
  • File a complaint at cybercrime.gov.in
  • Contact your bank immediately if money was lost
  • Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a phishing scam?
Immediately contact your bank helpline (e.g., SBI: 1800-11-1109) and report the incident. Change your online banking passwords and enable two-factor authentication.

How can I identify these specific phishing emails?
Look for unsolicited emails with urgent requests or unusual links. Check the sender’s email domain carefully as scammers often use similar-looking addresses.

How do I report this type of scam in India?
You can report the scam by calling the cybercrime helpline at 1930 or visiting cybercrime.gov.in to lodge a complaint.

What are the steps to recover my account and prevent further issues?
First, secure your account by changing passwords and enabling two-factor authentication. Report the incident to Facebook and monitor linked accounts for unusual activity.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.