30,000 Facebook Accounts Compromised: How a Google AppSheet Phishing Scheme Took Over Users’ Profiles

Admin

A new phishing operation linked to Vietnam has emerged. Cybercriminals are using Google AppSheet to send deceptive emails aimed at stealing Facebook accounts.

This campaign, dubbed **AccountDumpling** by security researchers at Guardio, has reportedly affected around 30,000 Facebook accounts. The stolen accounts are then sold on an underground market. Shaked Chen, a security expert, noted that this isn’t just a simple phishing scheme. It’s a well-oiled operation with real-time monitoring and advanced techniques to evade detection.

Recent attacks begin with phishing emails targeting Facebook Business account holders. The emails, disguised as communications from Meta Support, create a false sense of urgency. They urge recipients to fill out appeals or face account deletion. Since the emails come from a Google AppSheet address, they often bypass spam filters, which makes them even more effective.
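The mismatch described above (a message that names Meta but is sent from an app platform's address) can be checked at mail triage. This is an added example, not code from Guardio or the original article; the sender domains, keyword lists and sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Assumed values, not taken from the article: tune for your own mail flow.
RELAY_DOMAINS = {"appsheet.com"}
BRAND_DOMAINS = {"meta.com", "facebook.com", "facebookmail.com"}
BRAND_RE = re.compile(r"\b(meta|facebook)\b", re.I)
URGENCY_RE = re.compile(r"\b(appeal|deletion|deleted|disabled)\b", re.I)

def under(domain, parents):
    """True if domain equals, or is a subdomain of, any entry in parents."""
    return any(domain == p or domain.endswith("." + p) for p in parents)

def triage(raw):
    """Return the lure traits present in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    text = " ".join([display, str(msg.get("Subject", "")),
                     part.get_content() if part else ""])
    hits = []
    if under(domain, RELAY_DOMAINS):
        hits.append("relay-sender")      # arrived through the app platform
    if BRAND_RE.search(text) and not under(domain, BRAND_DOMAINS):
        hits.append("brand-mismatch")    # names Meta, sent from elsewhere
    if URGENCY_RE.search(text):
        hits.append("urgency")           # appeal-or-lose-your-account wording
    return hits

def is_suspect(raw):
    """Quarantine candidate: platform sender plus a brand it does not own."""
    return {"relay-sender", "brand-mismatch"} <= set(triage(raw))

# Constructed sample messages (not real captures).
LURE = ('From: "Meta Support" <noreply@appsheet.com>\n'
        "Subject: Submit your appeal\n\n"
        "Your Facebook Business account will be deleted unless you appeal.\n")
BENIGN = ('From: "AppSheet" <noreply@appsheet.com>\n'
          "Subject: Inventory report ready\n\n"
          "The weekly stock report from your app is attached.\n")
LEGIT = ('From: "Facebook" <notification@facebookmail.com>\n'
         "Subject: New comment on your Page\n\n"
         "Someone commented on a post on your Page.\n")

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("benign", BENIGN), ("legit", LEGIT)):
        print(name, triage(raw), is_suspect(raw))
```

Ordinary notifications from the same platform match only the sender rule, so the decision rests on the combination of sender and claimed brand, not on the sender domain alone.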

In late 2025, research showed that similar tactics were used in earlier phishing campaigns. Guardio found that various strategies were employed to stir panic among users, including threats that accounts would be disabled and requests for verification.

The key tactics identified include:

  • Phishing pages that extract personal information like dates of birth and IDs, sending this data to Telegram channels controlled by criminals.
  • Fake security checks aimed at collecting contact details and login credentials.
  • Deceptive PDFs pretending to offer account verification instructions, helping attackers capture sensitive information like passwords and 2FA codes.
  • Job offers that imitate reputable companies to engage users and eventually direct them to phishing sites.

These tactics highlight a significant trend. According to Guardio, the Telegram channels used by the operators currently hold data from about 30,000 victims, with many located in countries like the U.S., Italy, and the U.K.

Evidence suggests that the operation is spearheaded by individuals with Vietnamese ties. The PDFs used for phishing contained metadata revealing a Vietnamese name. Additionally, open-source intelligence uncovered a website offering digital marketing services, which is linked to this operation.

Chen stated, “This is a glimpse into a dark market where stolen Facebook accounts become tradable assets. Platforms that should be trusted are being manipulated for criminal gain.”

In light of these developments, increasing vigilance against phishing attempts is crucial. Users should be cautious of unexpected emails and verify sources before providing personal information. Cybersecurity remains a growing concern, underscoring the need for better awareness and protective measures.

For more detailed statistics on cybersecurity threats, you can refer to reports from the Cybersecurity & Infrastructure Security Agency (CISA) [here](https://www.cisa.gov/). Keeping informed helps users stay ahead of these evolving threats.


