If you received an urgent email about your Substack account, would you trust it?

The orher week, 30,000 Facebook Business owners trusted just such an email. The emails claimed to be from Meta Support but were sent via a real Google-owned service called AppSheet.

Attackers used it as a relay specifically because trusted Google infrastructure clears spam filters. The sender address wasn't faked. It just wasn't what the email claimed to be about.

The ruse worked though.

Credentials, government ID photos, and 2FA codes were handed over and routed directly to an attacker-controlled Telegram channel.

Key takeaway is that the spam filter wasn't fooled. It worked correctly. Spam filters won’t save you in this type of attack.

Harder target move:

If an email threatens your account, close it and go directly to the site. Don’t click the link in the email.