A new phishing scam disguised as Meta support lures Facebook Page admins into giving away passwords and 2FA codes. Learn how it works and how to protect your business.
Meta Impersonation Scam Hits Facebook Page Admins
A sophisticated phishing campaign is targeting Facebook Page administrators by impersonating Meta's support team. Using social engineering, the scam aims to collect login credentials and two-factor authentication (2FA) codes, putting businesses and personal data at serious risk.
What the Scam Looks Like
The email, titled “Notification: Please Review Your Recent Image Activity”, appears to come from Meta’s “Account Inspection Department” at support(at)platformbyfb(dot)com. Some messages even come from a spoofed “Support Coordination Roo” instead of “Room.”
Recipients are told their Facebook Page is at risk due to a copyright violation and are urged to click a link to “Review Copyright Notice” to avoid page deletion.
Step-By-Step Breakdown of the Scam
- Clicking the link takes users to a fake Meta “Privacy Center” that mimics the real support layout.
- Personal Details: Users are prompted to enter name, email, phone number, and page name.
- Password Harvesting: The system asks for the user’s Facebook password, then falsely claims it’s incorrect to prompt re-entry.
- 2FA Code Collection: The page requests a two-factor authentication code, even looping multiple times to harvest more attempts.
- False Confirmation: A fake message confirms submission of the “appeal” and redirects to the real Facebook login page.
Why It Works
- Professional design: Uses Meta’s branding, icons, and legal language to appear authentic.
- Fear tactics: Threatens account removal in 24 hours to prompt immediate action.
- Mass targeting: Sent to generic business email addresses like sales@, info@, and enquiries@.
How to Stay Safe
- Delete suspicious emails: If you get a copyright violation warning and didn’t post any content, it’s likely fake.
- Don’t click suspicious links: Always log in through the official Meta website or app.
- Verify sender details: Check the domain and look for oddities like misspelled names or incorrect formatting.
- Use email protection tools: Consider security services like MailGuard to block phishing attempts before they reach your inbox.
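The sender and content checks above can be written as a small triage script. This is an added example, not part of the original article or of any MailGuard product; the trusted-domain allowlist, the function names and both sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: sender domains you accept as genuine Meta mail; maintain your own list.
TRUSTED_DOMAINS = {"facebookmail.com", "facebook.com", "meta.com"}
BRAND_TOKENS = ("meta", "facebook", "fb")
GENERIC_MAILBOXES = {"sales", "info", "enquiries"}   # mailboxes named in the article
LURE_PHRASES = ("copyright", "image activity", "24 hours")

def is_trusted(domain):
    """True for a trusted domain or one of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)

def assess(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, sender = parseaddr(msg.get("From", ""))
    domain = sender.rpartition("@")[2].lower()
    findings = []
    # Brand named in the display name or domain, but mail comes from elsewhere.
    if any(t in f"{display} {domain}".lower() for t in BRAND_TOKENS) and not is_trusted(domain):
        findings.append(f"brand-impersonation:{domain}")
    # Two or more of the campaign's pressure phrases in subject or body.
    text = f"{msg.get('Subject', '')} {msg.get_payload()}".lower()
    hits = [p for p in LURE_PHRASES if p in text]
    if len(hits) >= 2:
        findings.append("lure-language:" + ",".join(hits))
    # Delivered to a shared role mailbox rather than a named person.
    local = parseaddr(msg.get("To", ""))[1].partition("@")[0].lower()
    if local in GENERIC_MAILBOXES:
        findings.append(f"generic-mailbox:{local}")
    return findings

# Constructed samples: one modelled on the article's description, one benign.
PHISH = "\n".join([
    'From: "Support Coordination Roo" <support@platformbyfb.com>',
    "To: info@example.com",
    "Subject: Notification: Please Review Your Recent Image Activity",
    "",
    "Your Page breached copyright rules and will be deleted in 24 hours.",
])
BENIGN = "\n".join([
    'From: "Facebook" <notification@facebookmail.com>',
    "To: jane@example.com",
    "Subject: Your Page has a new follower",
    "",
    "See who followed your Page this week.",
])

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(name, assess(raw))
```

A From header can be forged to show a trusted domain, so pair these checks with the SPF, DKIM and DMARC results your mail gateway records.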
The Cost of One Click
All it takes is one click from a single employee to compromise your business. Scammers rely on moments of panic and urgency to steal data. Investing in real-time email threat protection can save your business from financial loss, data breaches, and reputational damage.