A credential phishing campaign identified by the Cofense Phishing Defense Center targets Meta (Facebook/Instagram) account holders, particularly page administrators, by impersonating Meta's verification badge program. The multi-stage attack chain routes victims through a spoofed Gmail sender to a Google Form, then to a Vercel-hosted phishing page that collects PII, passwords, and 2FA tokens in real time — enabling near-instant account takeover before TOTP codes expire. The abuse of legitimate hosting infrastructure (Google Forms, Vercel) allows the campaign to bypass conventional URL-reputation and email security controls.