Don't Click! Fake Chat Used in Meta Business Account Phishing
In the digital world of likes, follows, and ad conversions, a single email can unravel your entire marketing infrastructure. That's exactly what a sophisticated phishing campaign discovered by the Cofense Phishing Defense Center (PDC) is exploiting — with fake Meta emails, deceptive chatbots, and even counterfeit support agents.

The Scam
The campaign begins with an urgent email disguised as a Meta/Instagram alert, complete with subject lines like: "Support ID: #xxxx – Critical Advertising Restrictions on Your Account". This phishing email plays on fear — warning that ad accounts have violated EU GDPR or Meta’s ad policies. Victims are encouraged to click a "Check More Details" button, which leads to a convincing fake Meta page.

However, there's a giveaway clue: the sender address isn’t official — it’s noreply@salesforce[.]com, not a Meta-owned domain. Once on the fake landing page (businesshelp-manager[.]com), victims see a warning that their account may face termination. From there, they’re guided toward a “Request Review” option.
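As an added illustration of the sender and link checks a mail filter can apply (example code written for this article, not Cofense's tooling), the following Python flags a message that claims Meta branding while its From domain and link domains fall outside an assumed Meta allowlist; the sample message is constructed to mirror the lure described above.

```python
import email
import email.utils
import re
from email import policy

# Constructed sample modelled on the lure described above (not a real capture).
SAMPLE_EML = """\
From: Meta Business Support <noreply@salesforce.com>
To: ads-admin@example.com
Subject: Support ID: #0000 - Critical Advertising Restrictions on Your Account
Content-Type: text/html

<html><body><p>Your ad account has violated Meta ad policies.</p>
<a href="https://businesshelp-manager.com/review">Check More Details</a>
</body></html>
"""

# Assumed allowlist of domains Meta sends from / hosts on; confirm against your own mail logs.
META_DOMAINS = {"meta.com", "facebook.com", "facebookmail.com", "instagram.com", "fb.com"}
BRAND_WORDS = re.compile(r"\b(meta|facebook|instagram)\b", re.I)
HREF = re.compile(r"""href=["']https?://([^/"'\s?#]+)""", re.I)


def registrable(host: str) -> str:
    """Reduce a hostname to its last two labels (assumption: no multi-part public suffixes)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def analyze(raw: str) -> list[str]:
    """Return brand-impersonation findings for one RFC 5322 message; empty list means no signal."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = email.utils.parseaddr(str(msg["From"]))[1]
    sender_dom = registrable(sender.rsplit("@", 1)[-1])
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    claims_brand = bool(BRAND_WORDS.search(f"{msg['From']} {msg['Subject']} {body}"))
    findings = []
    if not claims_brand:
        return findings  # no Meta branding claimed, so nothing to contradict
    if sender_dom not in META_DOMAINS:
        findings.append(f"sender domain {sender_dom} is not a Meta domain")
    for dom in sorted({registrable(h) for h in HREF.findall(body)} - META_DOMAINS):
        findings.append(f"link to non-Meta domain {dom}")
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EML):
        print("FLAG:", finding)
```

Header checks like this catch the sender and landing-page mismatch; they do not see the chatbot or 2FA "System Check" stages, which need user reporting and account-side monitoring.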
Victims are asked to chat with a support chatbot — seemingly helpful, but 100% malicious. The chatbot requests:
- Business name
- Screenshots of Facebook Business settings
- Contact number
- Personal profile information

Eventually, the victim is told to run a “System Check” — a euphemism for handing the attacker control of their Two-Factor Authentication (2FA) through the victim's own Authenticator app.
If users don’t fall for the chatbot, the attacker has a Plan B — a DIY-style “setup guide” that leads victims to the same endpoint: handing over control.
The Attack
The attack culminates with a password prompt after clicking “Activate System Check.” Once entered, the attacker can:
- Gain access to the victim's Facebook account
- Pose as a 'Secure Login' prompt via the Authenticator app
- Interact with victims under the guise of Meta's official support team
Phishing isn’t just about shady links anymore. Today’s attackers are brand impersonation experts, crafting convincing experiences across email, web, and support. Stay alert. Stay skeptical. And always double-check before you click.