Meta Business Manager phishing email attack illustration

Cybercriminals are exploiting Meta Business Manager to launch a large-scale phishing campaign targeting businesses worldwide. Instead of using fake emails, attackers are abusing legitimate platform features to send notifications from real domains like facebookmail.com, making these phishing attempts highly convincing and difficult to detect.

Meta Business Manager phishing email attack illustrationMeta Business Manager phishing email attack illustration

The attack begins with fake business pages designed to mimic trusted brands. Using the platform’s partner request feature, attackers send genuine-looking email invitations that redirect users to counterfeit login pages hosted on external domains. Victims unknowingly enter their credentials and even 2FA codes, allowing attackers to take full control of accounts, run fraudulent ads, and misuse business assets.

Meta Business Manager phishing email attack illustrationMeta Business Manager phishing email attack illustration

Security researchers from report that over 40,000 phishing emails have targeted thousands of organizations globally. Businesses are advised to avoid clicking email links, verify requests directly on official platforms, and regularly audit account access to prevent financial loss and reputational damage.


NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, FraudProtector.net