Phishing Alert: Fake Meta Emails Target Aussie Businesses with Policy Scare Tactics

• meta-scams
• phishing-alert
• online-security

A new phishing campaign impersonates Meta Business Support, targeting Australians with fake policy violation notices. Learn how to protect your account from this data-harvesting scam.

Meta Phishing Campaign Hits Australian Businesses

A new wave of phishing emails impersonating Meta has been intercepted by MailGuard, and it’s targeting Australian business owners with alarming claims of policy violations and harmful content. The campaign is highly manipulative, using urgent, emotionally charged language and a sophisticated multi-stage data collection strategy.

What Does the Scam Look Like?

The emails come from fake Meta departments like “Meta Business Support” or “Community Standards Violation Notice,” warning users that their fan page or ad account has breached terms of service. Subject lines might reference copyright violations, hate-based content, or automated manipulation.

Though the sender name appears legitimate, the actual domain—thoimmo.com—is suspicious, and email addresses are randomly generated.

What Happens If You Click the Link?

Clicking “Lodge a complaint now” leads to a fake Meta Ads landing page designed to mirror Meta’s real business support dashboard. This phishing site walks users through several steps, collecting increasingly sensitive information:

• Your Facebook name, birthday, and mobile number
• Your Meta password
• A multi-factor authentication (MFA) login code
• A photo of your official ID

After completing the form, users are redirected to the official Meta website to avoid suspicion.

Why This Scam Is So Dangerous

This phishing attack is dangerous for both individuals and businesses. It is designed to:

• Hijack Meta business and ad accounts
• Steal login credentials and financial data
• Bypass MFA protections
• Harvest identity documents for future fraud

Signs You’re Being Targeted

MailGuard recommends deleting these emails immediately. Here’s what to watch out for:

• Emails claiming urgent policy violations or community standards breaches
• Senders from unknown or suspicious domains like thoimmo.com
• Landing pages that request Facebook name, birthday, password, or ID uploads
• Messages using terms like "G'day" or "mate" to appear Australian

Tips to Stay Safe

• Never click suspicious links: Access Meta accounts only through official apps or bookmarked URLs.
• Verify sender addresses: Double-check that emails actually come from @facebookmail.com or another trusted domain.
• Enable 2FA: Turn on two-factor authentication through Meta’s official security settings.
• Report phishing emails: Use Meta’s Help Centre to report fake messages and phishing sites.

Phishing scams are becoming increasingly deceptive. By staying informed and cautious, you can protect your business and personal information from falling into the wrong hands.