Google AppSheet Exploited in 30,000-User Facebook Phishing Operation

Scammers are abusing Google AppSheet and Google Drive to bypass security filters and steal thousands of Facebook Business accounts globally.

Cybersecurity researchers at Guardio Labs have discovered a massive phishing operation that uses Google’s own infrastructure to hijack Facebook accounts. This research reveals a Vietnamese-linked operation code-named AccountDumpling that has already compromised over 30,000 users globally.

AppSheet Abuse

Guardio Labs researchers explained in the report that this campaign abuses the notification system of Google AppSheets (a no-code tool designed for business automation). By using this service, hackers send emails from [email protected] and appsheet.bounces.google.com.

These emails originate from Google’s servers, and that’s why passing the authentication checks like SPF, DKIM, and DMARC becomes possible. Researchers noted that the phishing lures involve Meta-related themes. Such as fake copyright complaints or account disablement warnings. One email from April 2026 included the text “Case ID: 6480258166 ...