New Facebook Scam Uses Google AppSheet to Steal Your Account

Cybercriminals are exploiting Google AppSheet and Vercel to launch convincing Facebook phishing scams. Learn how to protect your account.

Watch Out: Sophisticated Facebook Phishing Scam Spreading via Email

A highly sophisticated phishing campaign is making the rounds, and this time, it's using trusted tech platforms to deceive even the most cautious users. Cybercriminals are sending scam emails from @appsheet.com — a domain tied to Google’s AppSheet platform — making the messages appear entirely legitimate.

How the Scam Slips Past Email Defences

Because these emails originate from a genuine Google domain, they pass key email verification checks like SPF, DKIM, and DMARC. Those checks confirm only that a message really came from the domain it claims, not that its content is honest. The emails also bypass Microsoft’s email filters and most Secure Email Gateways (SEG), allowing them to land directly in your inbox without raising suspicion.

Each phishing email is generated with a unique ID, further complicating detection and blocking by traditional systems.

The Bait: Fake Facebook Violation Warning

The email typically poses as a Facebook alert, claiming your account has violated intellectual property rules and will be deleted within 24 hours. It urges recipients to click a button labelled "Submit an Appeal" to avoid account suspension.

The Trap: A Perfectly Cloned Login Page

Clicking the link takes you to a fake Facebook login page that closely mimics the real thing. What makes it even more convincing is that it’s hosted on Vercel, a legitimate web hosting platform. This lends an extra layer of credibility to the scam.

Once you enter your credentials and two-factor authentication (2FA) code, these details are sent directly to the attackers. To further trick you, the fake page may reject the first password attempt, prompting you to re-enter it for confirmation.

Session Hijack: The Real Danger

After capturing your login details and 2FA code, scammers use them immediately to steal your session token. This token lets them maintain access to your Facebook account—even if you change your password afterwards.

How to Stay Safe

  • Never click links in unsolicited emails claiming to be from Facebook or other major platforms.
  • Always check the sender's domain, even if it looks legitimate.
  • Be cautious of urgent messages demanding immediate action.
  • Use browser extensions or email filters that can flag phishing attempts.
  • Enable login alerts on Facebook to detect unfamiliar access immediately.
  • Consider using a password manager to auto-fill credentials only on real websites.
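
A mail-filter rule of the kind suggested in the list above, as an added example (not code from this article or from Google, Meta or Vercel): since SPF, DKIM and DMARC pass for these messages, it flags the mismatch between the brand a message claims and the domain that actually sent it. The brand lists, the `vercel.app` hostname suffix, the reason labels and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed lists (not from the article): tune them for your own mail flow.
BRAND_WORDS = ("facebook", "meta")
BRAND_DOMAINS = ("facebook.com", "facebookmail.com", "meta.com")
RELAY_DOMAINS = ("appsheet.com",)    # sender domain named in the article
HOSTING_SUFFIXES = ("vercel.app",)   # assumed hostname suffix for Vercel-hosted pages
LURE = re.compile(r"within 24 hours|submit an appeal|intellectual property", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def under(host, domains):
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """Return (dmarc_pass, reasons) for one RFC 5322 message given as text."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    body = " ".join(p.get_payload(decode=True).decode(errors="replace")
                    for p in msg.walk() if p.get_content_maintype() == "text")
    text = f"{msg.get('From', '')} {msg.get('Subject', '')} {body}".lower()
    claims_brand = any(re.search(rf"\b{w}\b", text) for w in BRAND_WORDS)
    reasons = []
    if claims_brand and not under(sender, BRAND_DOMAINS):
        reasons.append("brand-claimed-by-other-domain")
        if under(sender, RELAY_DOMAINS):
            reasons.append("sent-via-app-platform")
        hosts = {urlparse(u).hostname for u in URL.findall(body)}
        if any(under(h, HOSTING_SUFFIXES) for h in hosts):
            reasons.append("link-on-shared-hosting")
        if LURE.search(body):
            reasons.append("deadline-lure")
    # Authentication only proves which domain sent the mail, so it is reported, not scored.
    dmarc_pass = "dmarc=pass" in msg.get("Authentication-Results", "").lower()
    return dmarc_pass, reasons

# Constructed samples (not real messages).
AUTH = "Authentication-Results: mx.example; spf=pass; dkim=pass; dmarc=pass\n"
PHISH = ("From: Facebook Support <noreply@appsheet.com>\nSubject: Account violation\n" + AUTH +
         "\nYour page broke intellectual property rules and will be deleted within 24 hours.\n"
         "Submit an Appeal: https://constructed-example.vercel.app/appeal\n")
BENIGN = ("From: AppSheet <noreply@appsheet.com>\nSubject: Report ready\n" + AUTH +
          "\nOpen the report at https://www.appsheet.com/\n")

if __name__ == "__main__":
    print(triage(PHISH), triage(BENIGN))
```

Both samples pass DMARC, but only the one that claims to be Facebook while coming from another domain collects reasons.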

If you believe you’ve entered your details on a phishing site, change your password immediately, revoke sessions from unknown devices, and enable 2FA if you haven’t already.

Report phishing attempts to Meta and Scamwatch to help prevent further attacks.


Comments from our readers

Anonymous

Great information shared

Thanks for shedding light on this sophisticated phishing scam. It's alarming how cunning these cybercriminals can be, especially when they exploit trusted platforms. I appreciate the clear steps you've provided to stay safe online. It's a timely reminder for all of us to remain vigilant and protect our accounts!

Anonymous

Very concerning scam

This is seriously alarming! It's hard to believe scammers are getting so clever, using legitimate domains like @appsheet.com to trick people. I'm definitely more cautious now about clicking links in emails, especially when they create a sense of urgency. Thanks for the heads up! Let’s spread the word to keep everyone safe.

Havel

Stay safe online

This article is a timely reminder of the cunning tactics used by scammers. It’s crucial we all stay vigilant and protect our online identities. Thanks for shedding light on this issue; sharing this information can help keep our community safe!

Anonymous

This is ridiculous

It's infuriating how easy it is for scammers to exploit trusted platforms like Facebook. Seriously, why can't these tech giants step up their game and protect users better? I'm sick of feeling vulnerable to these pathetic schemes. It's just not good enough!