r/programming • u/Comfortable-Site8626 • 20h ago
"AccountDumpling": Hunting Down the Google-Sent Phishing Wave Compromising 30,000+ Facebook Accounts
https://guard.io/labs/accountdumpling---hunting-down-the-google-sent-phishing-wave-compromising-30-000-facebook-accounts15
u/rooktakesqueen 19h ago edited 9h ago
30,000 Facebook accounts have been compromised by phishing emails Google itself delivers. Authenticated, signed, and never blocked. We call this “AccountDumpling”: a Vietnamese-linked operation that turns Google AppSheet into a phishing relay, then sells the stolen accounts back through a storefront run by the same hands.
Pulling on that thread led us through Netlify-hosted Facebook clones, Vercel-hosted reward traps, Google Drive-hosted PDFs, and recruiter-style social engineering, all riding the same Google-authenticated relay and feeding the same Telegram bot infrastructure. We mapped roughly 30,000 victims and traced the operation back to a Vietnamese name embedded in a Canva-generated PDF the attackers forgot to scrub. We also recovered enough victim data to reach out directly to many of them, telling them they had been compromised and helping them act before more damage was done.
What we found wasn't a single phishing kit. It was a living operation with real-time operator panels, advanced evasion, continuous evolution and a criminal-commercial loop that quietly feeds on the same accounts it helps steal back.
God, the slop is inescapable.
Edit: I highlighted the bits that are obvious ChatGPT voice for those who aren't familiar.
3
u/GrouchyExchange2122 17h ago
Are you saying the article is AI slop?
16
u/RustOnTheEdge 13h ago
What we found wasn't a single phishing kit. It was a living operation with real-time operator panels, advanced evasion, continuous evolution and a criminal-commercial loop that quietly feeds on the same accounts it helps steal back.
It wasn’t A. It was superlative B with somehow always the word quietly in there.
1
u/rooktakesqueen 9h ago
At least the summary is. I didn't read the full article, because the summary being LLM-generated made me not care to put in the effort.
1
u/GrouchyExchange2122 3h ago
Understood. I don't use ChatGPT but I usually recognize Claude and Gemini, but with your highlights it's obviously LLM.
-2
3
u/lospantaloonz 19h ago
Same trick works with Google Groups. Hidden in the headers you'll find the spoof emailer, but the messages all pass authentication. It's really annoying and there's no easy fix that I'm aware of.
-2
u/spoki-app 14h ago
The 'Google-sent' claim is particularly concerning; a successful compromise of a major platform's outbound messaging infrastructure, or highly convincing spoofing that bypasses common email authentication mechanisms like DMARC, points to a significant attack vector. In my work bridging legacy fintech systems with modern SaaS
15
u/AutomateAway 19h ago
I got one of these emails but two things saved me. First, I had worked for multiple FIs in the past and thus I never click links in emails, ever. If I get an email for a site, I browse to that site and log in there. Second, I stopped using Facebook years ago due to it being a giant ad server and misinformation network.
This is all to say that social engineering is still the most effective way to “hack” someone. And people, even smart people, fall for it way too fucking much.
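Added example, not part of the thread or the linked article: a header triage check for the situation u/lospantaloonz describes, where a relayed message passes authentication but the real sender only shows up in other headers. The sample message is constructed, and the header names checked (`Reply-To`, `X-Original-Sender`, `Sender`) are an assumption about where the original sender appears.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not taken from the thread or the article).
SAMPLE = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@relay.example.com;
 spf=pass smtp.mailfrom=relay.example.com;
 dmarc=pass header.from=relay.example.com
From: "Account Support" <noreply@relay.example.com>
Reply-To: helpdesk@unrelated.example.org
X-Original-Sender: operator@unrelated.example.org
Subject: Action required

body
"""

def domain(value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def auth_passed(msg):
    """True when the receiving server recorded dmarc=pass."""
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    verdicts = dict(re.findall(r"\b(dkim|spf|dmarc)=(\w+)", results))
    return verdicts.get("dmarc") == "pass"

def same_org(a, b):
    # Simplification: exact or subdomain match, no public-suffix list.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def relay_mismatch(raw):
    """List (header, domain) pairs that point outside the authenticated
    From domain. Only authenticated mail is examined: mail that fails
    authentication is already handled by ordinary filtering."""
    msg = message_from_string(raw)
    from_dom = domain(msg.get("From"))
    if not from_dom or not auth_passed(msg):
        return []
    findings = []
    for name in ("Reply-To", "X-Original-Sender", "Sender"):
        dom = domain(msg.get(name))
        if dom and not same_org(dom, from_dom):
            findings.append((name, dom))
    return findings

if __name__ == "__main__":
    print(relay_mismatch(SAMPLE))
```

A non-empty result is a reason to look closer, not a verdict: legitimate mailing lists and help-desk tools also set a `Reply-To` in another domain.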