A new scam promising free verification on Facebook has reportedly affected thousands of users, raising fresh concerns about account security. While Meta offers an official verification process, fraudsters are exploiting the demand for the blue tick to lure users.
Security researchers say more than 30,000 accounts may have already been compromised. Experts at Guard.io have identified the campaign, calling it "AccountDumpling", per Financial Express.
How the scam works
The attackers are targeting high-value accounts, including business profiles, influencers and advertisers. Their goal is to gain control and later sell these accounts on underground markets.
What makes the scam difficult to spot is its use of trusted platforms. Hackers have reportedly exploited Google AppSheet to send phishing emails that appear legitimate. Since these messages are routed through a genuine service, they often bypass spam filters.
The approach combines urgency and appeal. Victims may receive warnings that their accounts are at risk or offers promising free verification without the usual subscription costs.
Inside the phishing trap
Once users click on the link, they are guided through steps that appear official. These include CAPTCHA checks or login prompts. By the end of the process, victims may unknowingly share their passwords and two-factor authentication codes.
Researchers note that attackers are also using advanced techniques to stay undetected. By inserting "invisible characters" and slightly altering text, they can evade automated security systems while still appearing normal to users.
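A defender-side check for the obfuscation described above, as an added example that is not from the researchers or the original article: it strips invisible format characters, folds compatibility look-alikes, and reports lure phrases that only match after cleanup. The phrase list and the sample message are constructed for illustration.

```python
import re
import unicodedata

# Hypothetical lure phrases, picked from the themes the article describes.
LURE_PATTERNS = [r"free verification", r"account (is )?at risk", r"blue tick"]

# Constructed sample: zero-width space, zero-width joiner and soft hyphen
# split the keywords while the text still renders normally to a reader.
SAMPLE = "Get fr\u200bee veri\u200dfication today: your acc\u00adount is at risk"


def invisible_chars(text):
    """Return (index, Unicode name) for each format-class (Cf) code point:
    zero-width space/joiner, soft hyphen, BOM, bidi controls and similar."""
    return [(i, unicodedata.name(ch, f"U+{ord(ch):04X}"))
            for i, ch in enumerate(text)
            if unicodedata.category(ch) == "Cf"]


def normalize(text):
    """Drop Cf characters, fold compatibility forms (NFKC), casefold,
    and collapse whitespace. This does not map cross-script homoglyphs
    (e.g. Cyrillic letters that resemble Latin ones)."""
    visible = "".join(ch for ch in text if unicodedata.category(ch) != "Cf")
    folded = unicodedata.normalize("NFKC", visible).casefold()
    return re.sub(r"\s+", " ", folded).strip()


def scan(text):
    """Compare keyword matches before and after normalization."""
    raw, clean = text.casefold(), normalize(text)
    hits_raw = {p for p in LURE_PATTERNS if re.search(p, raw)}
    hits_clean = {p for p in LURE_PATTERNS if re.search(p, clean)}
    return {
        # Legitimate text can contain joiners (emoji, some scripts),
        # so this count alone is a weak signal.
        "invisible_count": len(invisible_chars(text)),
        "lures": sorted(hits_clean),
        # Phrases that match only after cleanup were hidden from a
        # naive keyword filter; this is the stronger indicator.
        "evaded": sorted(hits_clean - hits_raw),
    }


if __name__ == "__main__":
    print(scan(SAMPLE))
```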
What experts advise
Cybersecurity experts urge caution while dealing with unexpected messages. They recommend avoiding unknown links, especially those claiming urgent account issues or offering free benefits.
Users are advised to verify any communication through official channels and never share login credentials on untrusted pages. Being alert to phishing attempts that mimic real notifications remains key to protecting accounts.
As scams evolve in complexity, awareness remains one of the most effective safeguards against losing control of personal or business profiles.