Guard.io Warns of Facebook Blue Badge Phishing Scam Compromising Thousands of Accounts
A new phishing scam targeting Facebook users has been identified by Guard.io security researchers, involving emails that promise a free blue verification badge. This campaign, named AccountDumpling, is linked to a Vietnamese criminal operation and has reportedly compromised 30,000 accounts. The emails, which appear to be sent from Google infrastructure, lure users into providing their Facebook credentials by offering a free badge without the need for a Meta Verified subscription. The attackers use Google AppSheet to send these phishing emails, exploiting its notification mechanism to reach a wide audience. The emails employ various deceptive tactics, such as using Unicode invisible characters and broken text, to bypass detection. Once users fall for the scam, their accounts are hijacked and sold back through a storefront operated by the attackers.
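A defender-side check for the invisible-character trick mentioned above, as an added example that is not from Guard.io's research: it shows a naive keyword filter missing a lure and the same filter matching once format-class characters are stripped. The phrase list, function names and sample messages are assumptions constructed for illustration.

```python
import unicodedata

# Lure phrases drawn from the campaign description above (illustrative list).
LURE_PHRASES = ("blue verification badge", "meta verified", "free badge")

def is_invisible(ch: str) -> bool:
    """True for format-class code points: zero-width space/joiners, word joiner, BOM, soft hyphen."""
    return unicodedata.category(ch) == "Cf"

def strip_invisible(text: str) -> str:
    """NFKC-fold, drop invisible characters, collapse whitespace, lowercase."""
    folded = unicodedata.normalize("NFKC", text)
    visible = "".join(ch for ch in folded if not is_invisible(ch))
    return " ".join(visible.split()).lower()

def inspect(text: str) -> dict:
    """Compare naive keyword matching with matching on the cleaned text."""
    naive = [p for p in LURE_PHRASES if p in text.lower()]
    cleaned = [p for p in LURE_PHRASES if p in strip_invisible(text)]
    # Invisible characters wedged between two letters rarely occur in
    # ordinary English mail, so they are counted as a separate signal.
    embedded = sum(
        1 for i, ch in enumerate(text)
        if is_invisible(ch) and 0 < i < len(text) - 1
        and text[i - 1].isalpha() and text[i + 1].isalpha()
    )
    return {
        "naive_hits": naive,
        "cleaned_hits": cleaned,
        "embedded_invisible": embedded,
        # Phrases that only appear after stripping point to deliberate evasion.
        "evasion_suspected": embedded > 0 and len(cleaned) > len(naive),
    }

# Constructed sample messages, not taken from the real campaign.
SAMPLE = ("Claim your free blue veri\u200bfication ba\u200cdge today, "
          "no Me\u2060ta Verified plan needed.")
CLEAN = "Your Meta Verified subscription renews next month."

if __name__ == "__main__":
    for label, body in (("suspicious", SAMPLE), ("benign", CLEAN)):
        print(label, inspect(body))
```

Zero-width joiners are legitimate in some scripts and in emoji sequences, so the embedded count works best as one input to a score rather than a standalone block rule.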