Find notable cyber news and cases, enriched with sources, timelines, and signals.

BitB phishing campaign targeting Facebook users

Campaign
First reported
Last updated
Happening score
H score 38
2 unique sources, 2 articles

Summary

Hide ▲

A six-month phishing campaign is using browser-in-the-browser (BitB) fake login pop-ups to steal Facebook credentials, increasing the risk of account takeover and identity fraud. The operation targets Facebook users with lures such as copyright infringement notices, account suspension warnings, and fake Meta security alerts. Attackers also use shortened URLs and trusted cloud hosting on Netlify and Vercel to make the pages look legitimate and evade filters. Some phishing pages mimic Meta's Privacy Center and collect personal data in addition to login credentials.

Related Happenings

Meta For Business Facebook Messenger fake-verification phishing campaign

Campaign
H score29 First: 07.07.2026 10:00 Last: 07.07.2026 10:00 Sources 1

About this happening: A **phishing campaign** abused **Facebook Messenger chatbots** and fake verification lures to steal **Meta For Business** credentials and sensitive identity data, creating account...

Sniper Dz MENA fake Facebook phishing and monetization campaign

Campaign
H score30 First: 15.06.2026 09:30 Last: 15.06.2026 09:30 Sources 1

About this happening: A **Sniper Dz** fraud campaign is targeting **users across the Middle East and North Africa** with **fake Facebook accounts** that impersonate politicians, public figures, and tru...

Meta AI-powered support tools abused in Instagram account recovery flow

Security Tool/Service
H score26 First: 02.06.2026 18:47 Last: 02.06.2026 18:47 Sources 1

About this happening: **Instagram accounts** were hijacked after attackers abused **Meta’s AI-powered support tools** to pass recovery checks and change the recovery email, creating a direct failure in...

Ghost Stadium FIFA World Cup fraud campaign

Campaign
H score41 First: 27.05.2026 14:28 Last: 27.05.2026 14:28 Sources 1

About this happening: A **Ghost Stadium**-linked **FIFA impersonation fraud campaign** is targeting **2026 FIFA World Cup** fans with cloned **fifa.com** pages, fake ticket and hospitality offers, and...

Vercel v0.dev phishing campaign using GenAI-built lure pages

Campaign
H score29 First: 07.05.2026 11:30 Last: 07.05.2026 11:30 Sources 1

About this happening: A campaign using **Vercel v0.dev** to build **highly convincing phishing pages** has lowered the skill and cost needed to run fraudulent sign-in and job-lure attacks. The activity...

Timeline

  1. 12.01.2026 23:05 3 articles · 5mo ago

    BitB phishing campaign targets Facebook users

    Initial Disclosure

    Over the past six months, cybercriminals increasingly used browser-in-the-browser (BitB) fake login pop-ups to trick Facebook users into entering credentials, then abuse the stolen accounts for scams, personal-data harvesting, or identity fraud. Recent lures impersonate law firms with copyright infringement notices, urgent account-suspension warnings, and Meta security alerts about unauthorized logins, while shortened URLs, fake Meta CAPTCHA pages, and phishing pages hosted on Netlify and Vercel help the pages look legitimate. Some pages mimic Meta's Privacy Center portal and redirect users to appeal forms that collect personal information.

    Show sources