•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Approximately 30,000 Facebook Business accounts are believed to have been hijacked in a large-scale fraud operation, according to security firm Guardio. The firm says the data obtained from the campaign is being sold on dark markets controlled by the hackers.
Security expert Shaked Chen said the activity is not a single phishing tool, but a real-time, organized operation that can bypass multiple layers of security and is continually upgraded. He described it as a “closed-loop crime cycle,” in which hijacked accounts are quickly exploited for profit.
Chen said the primary targets are Facebook Business owners. Tactics often begin with counterfeit Meta support emails. These messages are sent from noreply@appsheet.com, a detail that may help the emails bypass spam filters and appear legitimate.
Victims are then directed to sophisticated counterfeit sites designed to harvest login credentials. Chen added that the attackers are diversifying methods to take over Facebook Business accounts worldwide.
One reported approach involves fake support pages hosted on Netlify. These pages are used to collect login credentials and additional personal and identity information, including birth dates, phone numbers, and ID photos. Chen said the collected data is then sent to Telegram channels controlled by the attackers.
A second tactic involves a “green check” ruse. Users are led to fake “Security Check” or “Meta Security Center” pages hosted on the Vercel platform, where victims are prompted to complete fake verifications. During these steps, victims may provide passwords and 2FA codes.
Chen also said the hackers distribute counterfeit PDFs on Google Drive that claim to provide instructions to verify accounts. These documents can capture sensitive information and may even take screenshots of the victim’s browser via html2canvas.
In another scenario, attackers impersonate senior personnel from large firms such as WhatsApp, Meta, Apple, Adobe, or Coca-Cola. Chen said the goal is to build trust and entice victims to malicious links or risky calls.
Telegram channels controlled by the attackers indicate around 30,000 victims have been deceived and lost access. Chen said the campaign is global, with victims reported in the US, Italy, Canada, the Philippines, India, Spain, Australia, the UK, Brazil, and Mexico.
Chen said the indicators point to an organized, large-scale attack and reflect an underground market in which access to Facebook accounts, business identities, ad account credibility, and even account recovery services are bought and sold.
He also highlighted a worrying trend: hackers increasingly exploit reputable technology platforms as “cover” to host and distribute fraud content, helping maximize profits.
Premium gym chains are entering a “golden era” that is ending or already in decline, as rising operating costs collide with shifting consumer preferences toward more flexible, community-based ways to exercise. Long-term memberships are shrinking, margins are pressured by higher rents and facility expenses, and competition from smaller, more personalized…
