← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - Hunting Down the Google-Sent Phishing Wave Compromising 30,000+ Facebook Accounts
WHITE celestre 2026-05-07 Modified: 2026-05-07
26
IOCs
MEDIUM VOLUME
Email phishing used to rely on spoofing, shady SMTP infrastructure, and just enough broken authentication to slip through the cracks. This case starts from the opposite premise: the email is real, the authentication is clean, and the delivery comes through Google’s own AppSheet, the no-code app builder's notification system.
httpsvercelgoogle drivethreatreplytoscam domains
Indicators of Compromise (4 / 26 total)
All URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
URL https://dichvufbgiare.com/ 2026-05-07
URL https://phamtaitan.vn/ 2026-05-07
URL https://shorten.tv/NvII9 2026-05-07
URL https://shorten.tv/facebook-meta-password_and_security_change-pass 2026-05-07
References (1)
↗ https://guard.io/labs/accountdumpling---hunting-down-the-google-sent-phishing-wave-compromising-30-000-facebook-accounts