Thank You!

A blue verification badge is supposed to signal trust. In this campaign, that trust became the bait. Hornetsecurity’s Threat Intelligence Lab recently analyzed a phishing campaign impersonating Facebook/Meta and targeting French-speaking Facebook Page owners and administrators. The campaign was initially distributed through the abuse of Google’s AppSheet platform, helping the phishing emails appear more trustworthy. Instead of relying on a classic “your account will be suspended” scare tactic from the start, the lure begins with a more positive pretext: the recipient’s Page is allegedly eligible for an official verification badge.

This edition of the Monthly Threat Report focuses on industry events from the month of May 2026. As a news and commentary edition, this month’s report prioritizes depth on emerging threats and industry research over statistical data sections. 

In the observed sample, the chain reaches the legitimate Microsoft device-authentication experience. The victim is shown a short code, enters it into the Microsoft flow, and is then prompted to sign in. The visible Microsoft prompt indicates that the user is signing in to Microsoft Authentication Broker on another device. 

In plain terms, World Cup scams thrive on urgency, scarcity, and emotion. Still, for fans, the biggest risks include fake tickets, travel and hotel phishing, resale fraud, bogus visa help, fake merchandise, unofficial streams, malicious apps, event-themed emails or QR codes that steal credentials or money, and more.