• Fraud campaign targeting Facebook users with fake messages impersonating official entities
• Tens of thousands of accounts compromised through bait tactics and stolen login credentials

A recent security report has warned of a coordinated online fraud campaign targeting Facebook users, following the leak of tens of thousands of accounts in a sophisticated cyberattack known as “AccountDumpling,” according to Forbes.

Researchers in information security explained that the campaign relies on fake emails reaching users, sometimes claiming to offer the blue verification badge for free, and at other times sending alarming notifications about account suspension or copyright issues.

Security researcher Shaked Chen from Guard.io stated that the attack campaign has already succeeded in compromising around 30,000 accounts.

Investigations indicate that attackers are abusing services belonging to major tech companies, including tools associated with Google, to send phishing messages that appear official—making them more convincing to victims.

The attacks rely on multiple techniques to bypass security systems, including altering sender names and embedding hidden characters in messages, in order to make them appear as if they originate from official sources.

Researchers believe the most dangerous aspect of this campaign is not fear but “enticement,” as scammers lure users with free perks such as verification badges, before tricking them into entering login credentials and two-factor authentication codes.

Experts have warned that these methods target high-value accounts, especially page-managed or business accounts, turning them into a gateway for data leaks or even the sale of hacked accounts on the dark web.