Beware of fake Meta emails from hackers that steal your ad account logins

A dangerous phishing campaign is targeting businesses that advertise on Meta platforms like Facebook and Instagram. Hackers are sending fake emails claiming that users’ ad accounts have been suspended due to policy violations. These emails trick victims into clicking malicious links that steal login credentials and grant attackers full control over their accounts.

  • Fraudulent emails claim “YOUR ADS ARE TEMPORARILY SUSPENDED” and urge immediate action.

  • Attackers use fake Meta Business pages (e.g., "businesshelpmanager.com") to mimic official Meta support.
  • Victims are tricked into adding a hacker-controlled authenticator app labeled "SYSTEM CHECK."
  • The phishing page convincingly replicates Meta’s login system to steal credentials.
  • Attackers use multiple domain redirects and social engineering to bypass security.

How the Attack Works

  • Victims receive an email that appears to be from Instagram or Meta, warning them about ad policy violations. The email contains urgent language, pressuring users to click a "Check more details" button.
  • Once clicked, users are redirected to a fake Meta support page that looks identical to the real one. The page claims that immediate action is required to prevent account suspension.
  • Hackers take the scam further by offering fake “support chat” sessions, making the interaction seem legitimate. Eventually, victims are instructed to install an unauthorized authenticator app or enter their Facebook password on a phishing site, handing full control of their account to cybercriminals.

Cybercriminals are becoming more sophisticated in their phishing tactics, and businesses relying on Meta advertising need to stay alert. This scam is designed to create panic, pushing users to act quickly without verifying the source. Always double-check emails and never enter your login credentials on unverified sites. Stay informed and protect your digital assets from these evolving threats.