A new phishing scam targeting Facebook business accounts has been uncovered by Kaspersky experts. Learn how scammers are tricking users with fake emails and what steps you can take to protect your business.
A newly uncovered phishing scam has raised alarms among businesses promoting their services on Facebook. Discovered by Kaspersky experts, this scam targets Facebook business users through deceptive emails that falsely claim to come from Meta for Business. The emails warn users that their pages contain prohibited content and ask for an explanation to unlock the account. In reality, the attackers’ aim is to steal login credentials and gain unauthorized access to business accounts.
How the Scam Works: Fake Emails and Impersonation
The scam begins with an email that mimics an official message from Facebook's business platform, Meta for Business. The email alleges that the recipient's page has been flagged for violating Facebook’s content policies and threatens to shut it down unless the user provides an explanation. This email, however, is entirely fraudulent.
Kaspersky's analysis reveals that the scam emails began circulating on December 14, with complaints coming from businesses worldwide. Upon inspection, the email's "From" field shows a domain that does not belong to Facebook, revealing the scam. Additionally, the email contains a link that redirects users to Facebook Messenger, where attackers impersonate Facebook’s support team.
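The two indicators described above, a brand name in the "From" display name paired with a domain that is not Facebook's, and a link that moves the conversation to Messenger, can be checked automatically during mail triage. The following is an added example, not Kaspersky's or Meta's code; the trusted-domain list, the Messenger host list and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: sender domains you have verified as Meta's; adjust to your own list.
TRUSTED_SENDER_DOMAINS = {"facebookmail.com", "facebook.com", "meta.com"}
# Assumption: hosts that open a Messenger conversation.
MESSENGER_HOSTS = {"m.me", "messenger.com", "www.messenger.com"}
BRAND = re.compile(r"\b(meta|facebook)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def domain_trusted(domain):
    # Exact match or real subdomain only, so "facebookmail.com.x.example" fails.
    return any(domain == d or domain.endswith("." + d) for d in TRUSTED_SENDER_DOMAINS)

def body_text(msg):
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_email):
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain_trusted(domain):
        return []
    findings = []
    if BRAND.search(display):
        findings.append("brand name in From display, untrusted domain: " + domain)
    hosts = {(urlparse(u).hostname or "").lower() for u in URL.findall(body_text(msg))}
    for host in sorted(hosts & MESSENGER_HOSTS):
        findings.append("Messenger link from untrusted sender: " + host)
    return findings

# Constructed sample messages (not taken from the campaign).
PHISH = ('From: "Meta for Business" <notice@account-review.example>\n'
         "Subject: Your page violates our policies\n\n"
         "Explain here to avoid restriction: https://m.me/placeholder-page\n")
LOOKALIKE = ('From: "Facebook Support" <help@facebookmail.com.alerts.example>\n'
             "Subject: Action required\n\nPlease reply to this message.\n")
LEGIT = ('From: "Facebook" <notification@facebookmail.com>\n'
         "Subject: Login alert\n\nhttps://www.facebook.com/settings\n")

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("lookalike", LOOKALIKE), ("legit", LEGIT)):
        print(name, triage(raw))
```

A matching "From" domain is not proof of origin, because the header can be forged; treat a message as trusted only when the mail gateway's SPF, DKIM and DMARC results also pass.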
Impersonation on Facebook Messenger: A More Sophisticated Approach
The attack takes a step further by moving the conversation to Facebook Messenger, creating a sense of legitimacy. The attackers pose as Facebook’s support team, leading victims to believe they are communicating with an official representative. The fake account even suggests that it is a fan site, a detail that is easy to overlook during a stressful situation.
Unlike previous scams that directed users to email communication, this scam uses Facebook Messenger to simulate an internal communication process, making it harder for users to detect. The use of social engineering tactics in this scam is a clear sign that cybercriminals are becoming increasingly sophisticated in mimicking official platforms.
Kaspersky’s Warning: Increasingly Sophisticated Attacks
According to Andriy Kovtun, manager of Kaspersky's email protection group, social engineering attacks are expected to increase in 2025 as attackers continue to refine their methods. These scams are becoming more convincing, with attackers closely imitating official services to gain users' trust.
Kovtun advises users to exercise caution when receiving unsolicited messages. He urges users to verify the authenticity of all communications, avoid clicking on suspicious links, and implement security measures such as two-factor authentication. He also recommends reporting suspicious emails to Facebook’s support team and updating passwords if there is any concern of a security breach.
Kaspersky’s Tips for Protection
To safeguard against phishing attacks, Kaspersky offers the following advice for business owners and users:
- Enable two-factor authentication (2FA): Always use 2FA when available to add an extra layer of security.
- Monitor login attempts: Pay attention to any suspicious login notifications and take immediate action if necessary.
- Use strong, unique passwords: Passwords should be complex and different for each account. A password manager can help generate and store secure passwords.
- Check website URLs carefully: Be cautious when entering login details on websites. If the URL looks suspicious, do not proceed.
- Use reliable security software: Equip all devices with trusted security software that can detect threats and block malicious software.
Stay Vigilant Against Growing Threats
As the tactics used by cybercriminals continue to evolve, it is essential for businesses to remain vigilant and adopt robust security practices. This latest Facebook business scam highlights the need for users to be proactive in protecting their accounts from phishing attacks. By following Kaspersky’s advice and remaining cautious, users can significantly reduce their risk of falling victim to these increasingly sophisticated scams.