Saturday, June 14, 2025
Advertisements

Phishing Attacks Exploit AppSheet to Mimic Meta and Bypass Email Defenses

by Charline
written by Charline

A new wave of phishing attacks is exploiting Google’s AppSheet platform to impersonate Meta and evade traditional email security systems, according to research by KnowBe4 Threat Labs.

Since March 2025, KnowBe4 has seen a sharp rise in phishing emails sent via AppSheet. On April 20 alone, 10.88% of all phishing emails blocked by KnowBe4’s Defend platform came through AppSheet. Of those, 98% pretended to be from Meta, while 2% mimicked PayPal.

Advertisements
AppSheet, owned by Google, is being misused by attackers to send phishing emails using the trusted domain [email protected]. This tactic helps emails avoid detection by Microsoft and other secure email gateways, which often rely on domain reputation and checks like SPF, DKIM, and DMARC.

The phishing emails claim to be from the “Facebook Support Team” and copy Meta’s branding. They contain urgent warnings about account deletion and include a prominent “Submit an Appeal” button. Clicking the button directs users to a fake login site designed to steal credentials.

Advertisements

“The email looks convincing, using Meta’s style and an official-looking signature,” said KnowBe4. “However, the footer links don’t work, and the email uses pressure tactics to push users into acting quickly.”

Advertisements

Each email includes a unique case ID generated by AppSheet. This use of polymorphic identifiers makes detection harder, as security filters struggle to find consistent patterns.

Advertisements
The phishing site is hosted on the Vercel platform and mimics Meta’s login page. It includes an animated logo and official-looking design. Once a user clicks the link, they’re told their account is at risk and are prompted to log in to appeal the issue.To increase the chance of success, the site asks users to enter their credentials and two-factor authentication (2FA) codes twice, pretending the first attempt failed. This tactic collects more accurate data and adds urgency and confusion.

KnowBe4 explains that the phishing site acts as a man-in-the-middle proxy. When a user enters their login and 2FA details, the site sends that information in real time to the actual Meta servers. This gives the attacker immediate access to the account by hijacking the session token.

This tactic is part of a wider trend where hackers abuse legitimate platforms to avoid detection. KnowBe4 has seen similar phishing campaigns using services from Microsoft, Google, QuickBooks, and Telegram. These trusted platforms, combined with convincing designs and social engineering, help bypass even advanced email security tools like Microsoft 365 and SEGs.

Ashley Stephens, an account manager at Hotwire Australia, commented, “This campaign shows how cybercriminals are evolving. They use trusted services and human manipulation to get around traditional defenses. Organisations must focus not just on technology, but also on managing human risk, supported by AI tools.”

KnowBe4 also emphasized the growing use of Integrated Cloud Email Security solutions that use AI to detect advanced phishing threats. They recommend regular security awareness training based on real-world examples to help staff spot future attacks.

KnowBe4 Threat Labs continues to monitor these evolving phishing campaigns and advises a multi-layered approach. Combining technical defenses, user education, and AI monitoring is key to staying protected against modern cyber threats.

You Might Also Like
Advertisements
blank

Charline is the editor of ProxyServerPro's platform. She is a digital privacy and proxy solutions expert with over 10 years of experience writing and editing content related to online security, browsing solutions, and data protection. Charline has contributed to various tech publications and worked closely with professionals and businesses to enhance their understanding of proxies, internet anonymity, and digital security. Prior to joining ProxyServerPro, she worked at leading digital security firms, where she helped produce educational content aimed at helping users navigate the complexities of the online world with confidence and security.

You may also like

Hackers Exploit Cloudflare Tunnels for Stealthy Network Access

Hackers Launch Large-Scale Cyber Attacks on Government Servers

Cybercriminals Target Specific Domain Zones in Rising Phishing Attacks

Fake Antivirus Site Distributes Malware to Steal Financial Data

Velvet Chollima Targets South Korean Officials With Weaponized PDFs

Silver RAT Malware Evades Antivirus and Executes Harmful Activities

blank

At ProxyServerPro, we are dedicated to providing cutting-edge proxy solutions tailored to meet the diverse needs of businesses and individuals. Our platform offers a comprehensive range of high-performance proxies, including residential, datacenter, and mobile options, ensuring seamless browsing, data scraping, and online anonymity. With a focus on reliability, speed, and security, we empower users to navigate the digital landscape with confidence. Whether you’re managing ad verification, market research, or web automation, ProxyServerPro is your trusted partner for scalable, efficient, and secure proxy services. Explore our portal to discover how we can elevate your online experience.

popular recommendation

The Five Best Free Proxy Servers
Is FoxyProxy Safe?
AI Demand Drives Record Revenue Growth in Server and Storage Components
How Does a Web Proxy Work?

Useful Links

TAGS

© 2024 Copyright  proxyserverpro.com