Urgent attacks compromise Meta and PayPal accounts in real time

In a recent alarming development, a sophisticated phishing campaign has been reported, primarily targeting users of Meta and PayPal. This operation employs advanced techniques, such as polymorphic identifiers and man-in-the-middle proxy tactics, allowing attackers to compromise accounts almost instantly. The attacks have become particularly concerning due to their delivery method, which utilizes a legitimate Google-owned domain for the phishing emails. This creates a façade of authenticity, making it more difficult for users to identify the threat. The primary method of attack involves emails that impersonate Meta and, to a lesser extent, PayPal. A striking revelation from security experts is that, in a single day, 11% of global email threats neutralized came from the Google domain used in this campaign, with 98% of those attempting to deceive Meta users. The attackers exploit Google’s AppSheet platform, leveraging its automation capabilities to scale their operations and bypass strict domain authentication checks that would otherwise catch such threats. Upon receiving these phishing emails, recipients are prompted with alarming messages about security issues with their accounts. The attackers utilize a sense of urgency to manipulate users into clicking a malicious link marked as