Cybercriminals stole the Facebook login credentials of approximately 30,000 users in a phishing campaign that cleverly used Google’s AppSheet platform to deliver fake alerts. AppSheet is a legitimate Google tool that lets anyone build simple apps and automated emails — scammers exploited this to make their phishing messages appear to come from a trusted Google address, helping them slip past spam filters.
The fake emails warned recipients that their Facebook accounts had violated community standards and urged them to appeal by clicking a link. That link led to a convincing fake Facebook login page designed to capture usernames and passwords the moment someone typed them in. Affected devices include any platform where you access Facebook — desktop browser, iPhone, Android phone, or tablet. If you received any unexpected “policy violation” email about your Facebook account and clicked through, you should act right away.
How to check if you’re affected
- Review active sessions on your Facebook account. Go to Settings → Security and Login → Where You’re Logged In. Remove any device or location you don’t recognize.
- Look for suspicious emails from AppSheet. Fake warnings sent from
appsheet.comaddresses about Facebook violations are the telltale sign of this campaign. Legitimate Facebook emails always come from@facebookmail.com. - Change your Facebook password immediately if you clicked a link from one of these emails and entered your credentials — go to Settings → Security and Login → Change Password.
- Enable Two-Factor Authentication (2FA). In Facebook Settings under Security and Login, turn on 2FA so your account stays safe even if someone else has your password. All device types (iOS, Android, desktop browsers) support this.