BitB phishing campaign targeting Facebook users
Campaign
Summary
A six-month phishing campaign is using browser-in-the-browser (BitB) fake login pop-ups to steal Facebook credentials, increasing the risk of account takeover and identity fraud. The operation targets Facebook users with lures such as copyright infringement notices, account suspension warnings, and fake Meta security alerts. Attackers also use shortened URLs and trusted cloud hosting on Netlify and Vercel to make the pages look legitimate and evade filters. Some phishing pages mimic Meta's Privacy Center and collect personal data in addition to login credentials.
Related Happenings
Vercel v0.dev phishing campaign using GenAI-built lure pages
Campaign
First: 07.05.2026 11:30
Last: 07.05.2026 11:30
Sources 1
About this happening:
A campaign using **Vercel v0.dev** to build **highly convincing phishing pages** has lowered the skill and cost needed to run fraudulent sign-in and job-lure attacks. The activity...
AccountDumpling Google AppSheet Facebook phishing campaign
Campaign
First: 01.05.2026 21:09
Last: 01.05.2026 21:09
Sources 1
About this happening:
A **Vietnamese-linked** operation dubbed **AccountDumpling** is using **Google AppSheet** as a phishing relay to steal **Facebook** credentials, enabling account takeover at scale...
TikTok for Business phishing campaign using Turnstile and reverse proxy
Campaign
First: 26.03.2026 16:09
Last: 26.03.2026 16:09
Sources 1
About this happening:
A **phishing campaign** is targeting **TikTok for Business accounts** and uses **Cloudflare Turnstile** to block automated analysis before exposing a **reverse-proxy** credential-...
Meta rolls out anti-scam tools for WhatsApp, Facebook, and Messenger
Security Tool/Service
First: 12.03.2026 15:17
Last: 12.03.2026 15:17
Sources 1
About this happening:
Meta introduced **new anti-scam protections** across **WhatsApp**, **Facebook**, and **Messenger**, adding warnings and detection features to reduce scam abuse against users. The...
Compromised legitimate WordPress websites used to infect visitors with infostealer malware campaign expands across multiple victims
Campaign
First: 11.03.2026 16:45
Last: 11.03.2026 16:45
Sources 1
About this happening:
A **global ClickFix campaign** is abusing compromised **WordPress** sites to push **infostealer malware** to visitors, putting credentials and financial data at risk. The operatio...
Timeline
- 12.01.2026 23:05 · 3 articles · 4mo ago
BitB phishing campaign targets Facebook users
Initial Disclosure
Over the past six months, cybercriminals increasingly used browser-in-the-browser (BitB) fake login pop-ups to trick Facebook users into entering credentials, then abused the stolen accounts for scams, personal-data harvesting, or identity fraud. Recent lures impersonate law firms with copyright infringement notices, urgent account-suspension warnings, and Meta security alerts about unauthorized logins, while shortened URLs, fake Meta CAPTCHA pages, and phishing pages hosted on Netlify and Vercel help the pages look legitimate. Some pages mimic Meta's Privacy Center portal and redirect users to appeal forms that collect personal information.
Sources:
- Facebook login thieves now using browser-in-browser trick — www.bleepingcomputer.com — 12.01.2026 23:05
- Phishing Scams Exploit Browser-in-the-Browser Attacks to Steal Facebook Passwords — www.infosecurity-magazine.com — 13.01.2026 16:40