
Warning: New Phishing Scam Targeting Meta Business Accounts


by Elle Humphries, Director of Marketing


Summary:

Cybersecurity experts are warning businesses about an uptick in phishing attacks aimed at Meta Business accounts. These scams, disguised as legitimate communications from Meta, are designed to steal two-factor authentication (2FA) codes, giving threat actors (the “bad guys”) access to your business's Meta account.


Here at WSI, we work with a number of community banks that use Facebook to connect and keep in touch with their communities and customers, so this is a big deal. That’s why we’ve put together this helpful resource to provide you with everything you need to know to protect yourself and your bank.

How the Scam Works

In this recent wave of phishing campaigns, attackers are targeting employees in marketing roles—individuals who are most likely to be using Meta’s suite of business tools. The phishing emails typically warn the recipient that their Meta Business account is about to be suspended due to a policy violation. The email will encourage them to click on a link to appeal the decision or resolve the issue.

However, this link leads to a fake page designed to collect sensitive information, including the user's business email and login credentials. The malicious pages will often ask the user to perform a “System Check,” a seemingly innocuous task that, in reality, is the first step to enabling the scam.

What makes these emails and messages convincing?

  • The emails are sent from addresses like noreply@salesforce.com, which appears official at first glance.
  • The subject lines often create a sense of urgency, such as “Immediate Action Required” or “Your Account Violated Our Copyright Standards and Policies.”
  • The email body will include language about policy violations and sometimes a warning about the account being locked.
  • The “appeal” link often redirects to domains that impersonate Meta's security pages, like metasecurityai.com or securityhelpcheck.com.
  • You may also receive official-looking emails from @global.metamail.com and @metamail.com.
  • The email might even include fake Meta branding or odd-looking "Facebook" text that appears slightly off, signaling it could be fake.
Email Scam Example

Caption: Meta impersonation email urging the recipient to click on the link to review their account. (Image Source: Target CTI)

Emails from Instagram or Facebook about your account will only come from @mail.instagram.com, @facebookmail.com or @account.meta.com.

What Happens After You Click the Link

Once you click on the phishing link, you’ll be directed to a page that requests your Meta account information, including your business email and a 2FA code. The page will then guide you through a process to get a two-factor authentication code from your real Facebook account.

Once you provide the code, the attackers can use it to fully access your Meta Business account, and they can do whatever they want - NOT good!

Why Is This So Dangerous?

Having access to your Meta Business account is a goldmine for cybercriminals. Here’s what they can do with it:

  • Post Malicious Content: Attackers can create ads or publish posts and stories that redirect traffic to malicious websites.
  • Social Engineering: With access to your account, they can use your Meta account to trick your Facebook contacts, leading to even more compromised accounts.
  • Ransom: Attackers may hold your Meta Business account for ransom, demanding payment to regain control of it.

How to Protect Yourself

Organizations and users should be extra cautious if they receive suspicious emails about their Meta Business account. Here are some key steps to protect yourself:

  • Don’t Trust the Link: If you receive an email urging you to “review” your Meta Business account, avoid clicking on any links in the email. Always log into your account directly through the official Meta website to check for any updates or issues.
  • Be Cautious of 2FA Requests: Any page asking you to go to your real Facebook account to retrieve a 2FA code is a major red flag. Meta will never ask for this information through email.
  • Report Suspicious Emails: If you’re unsure about the legitimacy of an email, report it to your company’s cybersecurity team or Meta’s support.
  • Educate Your Team: Make sure all employees, especially those working in marketing or other roles that involve Meta Business, are aware of this phishing scheme.

Indicators of Compromise (IOC)

While these types of messages are not always obvious, in many cases, they can be easy to spot if you know what to look for. Here are some typical indicators that an email is trying to compromise your account: 

  • Subject Lines:
    • “Update to Meta Workspace to Avoid Account Deletion”
    • “Immediate Action Required to Resolve Account Restrictions”
    • “Action Required: Potential Exploit Detected on Your Account”
  • Malicious Domains:
    • metasecurityai.com 
    • workplace.metaforlivechat.com
    • app.metaforsystemcheck.com
  • Sender Display Names:
    • Meta Account Review
    • Meta Security AI
    • Workplace Support
    • Meta Policy
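As an added illustration (not code from the article or from Meta), the following Python script applies the article's sender-domain rule and the indicators listed above to a raw email message. The legitimate link domains (meta.com, facebook.com, instagram.com) and the sample message are assumptions constructed for the example.

```python
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# Sender domains the article says genuine Meta account emails come from.
LEGIT_SENDERS = {"mail.instagram.com", "facebookmail.com", "account.meta.com"}
# Assumption (not from the article): domains a genuine Meta link may point at.
LEGIT_LINKS = {"meta.com", "facebook.com", "instagram.com"}
# Indicators taken from the article's IOC section and domain examples.
IOC_DOMAINS = {"metasecurityai.com", "securityhelpcheck.com",
               "workplace.metaforlivechat.com", "app.metaforsystemcheck.com"}
IOC_SUBJECTS = {"update to meta workspace to avoid account deletion",
                "immediate action required to resolve account restrictions",
                "action required: potential exploit detected on your account"}
IOC_NAMES = {"meta account review", "meta security ai", "workplace support", "meta policy"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def in_domain(host, domains):
    # True when host is one of the domains or a subdomain of one.
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """Return the campaign indicators found in a raw RFC 822 message (bytes)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    display, addr = email.utils.parseaddr(msg.get("From", ""))
    sender = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    # A Meta/Facebook/Instagram display name must pair with a genuine Meta sender domain.
    if any(b in display.lower() for b in ("meta", "facebook", "instagram")) and sender not in LEGIT_SENDERS:
        findings.append(f"claims to be Meta but sent from {sender or 'unknown'}")
    if display.strip().lower() in IOC_NAMES:
        findings.append(f"known display name: {display}")
    if (msg.get("Subject") or "").strip().lower() in IOC_SUBJECTS:
        findings.append(f"known subject line: {msg['Subject']}")
    body = msg.get_body(preferencelist=("plain", "html"))
    for url in URL_RE.findall(body.get_content() if body else ""):
        host = (urlparse(url).hostname or "").lower()
        if in_domain(host, IOC_DOMAINS):
            findings.append(f"link to known phishing domain: {host}")
        elif "meta" in host and not in_domain(host, LEGIT_LINKS):
            findings.append(f"link to Meta look-alike domain: {host}")
    return findings

# Constructed sample (not a real capture) modelled on the email described in the article.
PHISH = b"""From: Meta Policy <noreply@salesforce.com>
Subject: Immediate Action Required to Resolve Account Restrictions

Your Meta Business account violated our policies. Appeal here:
https://app.metaforsystemcheck.com/appeal
"""
```

Running `triage(PHISH)` reports four indicators: the mismatched sender domain, the known display name, the known subject line and the known phishing link host.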

What to Do If You’ve Been Targeted

If you suspect that you’ve fallen victim to this scam, here’s what to do:

  1. Change your Meta password immediately.
  2. Revoke any unauthorized access via your Meta Business settings.
  3. Enable 2FA if you haven't already done so.
  4. Report the phishing attempt to Meta and your organization's cybersecurity team.

Staying vigilant and following these simple precautions can help protect you and your business from falling victim to this scam. 

Need Help or Have Questions?

If you believe your Meta Business account has been compromised or if you have any questions about phishing scams, don’t hesitate to reach out to us. Our team is here to help you safeguard your online presence and ensure your business stays secure. Contact us today for expert advice and assistance in protecting your digital assets from evolving cyber threats.

Facebook Business Messenger Examples:
