Fake Meta Support Scam Targets Facebook Page Admins With Phishing Trap


A new phishing scam disguised as Meta support lures Facebook Page admins into giving away passwords and 2FA codes. Learn how it works and how to protect your business.

Meta Impersonation Scam Hits Facebook Page Admins

A sophisticated phishing campaign is targeting Facebook Page administrators by impersonating Meta's support team. Using social engineering, the scam aims to collect login credentials and two-factor authentication (2FA) codes, putting businesses and personal data at serious risk.

What the Scam Looks Like

The email, titled “Notification: Please Review Your Recent Image Activity”, appears to come from Meta’s “Account Inspection Department” at support(at)platformbyfb(dot)com. Some messages even use a spoofed sender name that reads “Support Coordination Roo” instead of “Room.”

Recipients are told their Facebook Page is at risk due to a copyright violation and are urged to click a link to “Review Copyright Notice” to avoid page deletion.

Step-By-Step Breakdown of the Scam

  1. Clicking the link takes users to a fake Meta “Privacy Center” that mimics the real support layout.
  2. Personal Details: Users are prompted to enter name, email, phone number, and page name.
  3. Password Harvesting: The system asks for the user’s Facebook password, then falsely claims it’s incorrect to prompt re-entry.
  4. 2FA Code Collection: The page requests a two-factor authentication code, repeating the prompt several times to harvest additional codes.
  5. False Confirmation: A fake message confirms submission of the “appeal” and redirects to the real Facebook login page.

Why It Works

  • Professional design: Uses Meta’s branding, icons, and legal language to appear authentic.
  • Fear tactics: Threatens account removal in 24 hours to prompt immediate action.
  • Mass targeting: Sent to generic business emails like sales@, info@, and enquiries@.

How to Stay Safe

  • Delete suspicious emails: If you get a copyright violation warning and didn’t post any content, it’s likely fake.
  • Don’t click suspicious links: Always log in through the official Meta website or app.
  • Verify sender details: Check the domain and look for oddities like misspelled names or incorrect formatting.
  • Use email protection tools: Consider security services like MailGuard to block phishing attempts before they reach your inbox.

The Cost of One Click

All it takes is one click from a single employee to compromise your business. Scammers rely on moments of panic and urgency to steal data. Investing in real-time email threat protection can save your business from financial loss, data breaches, and reputational damage.


Comments from our readers

Anonymous

Scam alert

Wow, this is a real wake-up call! It's insane how creative these scammers get. Let's all keep our eyes peeled and stick to official sites to avoid falling for these dodgy tactics!

Wallington

Thanks for the heads up

This is a timely reminder about phishing scams. It's crazy how convincing they can be! Definitely going to be more cautious with my emails now. Appreciate the detailed breakdown of the scam!

Anonymous

Phishing Threat Analysis

This phishing scheme employs sophisticated social engineering tactics, leveraging urgency and official branding to manipulate victims. The method of harvesting both credentials and 2FA codes indicates a well-planned attack vector against Facebook admins. It's crucial for users to be aware of these scams and to adopt multi-layered security strategies to mitigate risks associated with such cyber threats.

Macedo

Phishing Awareness Needed

While this alert is useful, more emphasis should be placed on educating admins about recognising such scams before they become victims. Prevention is crucial.

Montz

Thanks for the warning

I really appreciate this eye-opening article. It's crucial to stay informed about scams like these. Thanks for sharing these vital tips to protect ourselves!

Dawn

Phishing Vulnerabilities Exposed

This phishing campaign effectively exploits emotional triggers and design mimicry. Enhancing education on these threats is crucial for safeguarding user data against sophisticated attacks.