Fake Meta Business Suite Alert Scam on Facebook
Scammers send fake Meta Business Suite policy violation alerts to Facebook Page admins, pushing them to a phishing page that steals login credentials and hijacks the business account.
Part of: Fake Meta Business Suite Alert Scam
Last reviewed: 5 July 2026
Because Facebook Page admins rely on genuine Meta Business Suite notifications for account health, ad policy, and copyright issues, a convincing fake alert claiming an urgent violation is one of the most effective ways to get a business owner to hand over their login on the spot.
How this scam works on Facebook
The scam typically arrives as an email or an in-platform message styled to look like an official Meta notification, warning that the Page will be 'restricted within 24 hours' due to a policy violation and providing a button labeled 'Appeal Now' or 'Verify Business.' The link leads to a convincing fake Meta Business Suite login page that captures the admin's email, password, and any two-factor code entered, which is then used in real time to log into the real account before the code expires.
Once inside, the attacker often removes the original admin, changes the Page's linked payment method to run fraudulent ads, or renames the Page entirely to impersonate a well-known brand, all while the original owner is locked out and racing against Meta's support process to regain control.
Common red flags
- An urgent warning claims your Page will be restricted within 24 hours over a vague policy violation
- The 'Appeal Now' link leads to a login page with a URL that isn't Meta's official business.facebook.com domain
- You're asked to enter a two-factor code immediately on the linked page rather than within the real app
- The message contains grammar or formatting inconsistent with Meta's typical official communications
- You lose admin access to your Page shortly after clicking a link or entering credentials
- Your Page's ad account or payment method changes without your authorization
How to protect yourself
- Always navigate to Meta Business Suite directly by typing the URL yourself rather than clicking email or message links
- Enable two-factor authentication using an authenticator app rather than SMS for your Facebook and Business Manager accounts
- Check any alert's sender domain carefully, since real Meta emails come from meta.com or facebookmail.com addresses
- Assign a backup admin to your Page who is not solely reliant on one login for recovery
- Regularly review your Business Manager's list of admins and connected payment methods for unfamiliar entries
- Report suspicious alert messages to Meta rather than acting on them directly
How to report it
- Report the phishing message directly within Meta Business Suite's Support Inbox or Help Center
- Use Meta's dedicated compromised account recovery form to regain access if your Page was hijacked
- Report the phishing email to Meta's dedicated abuse address if received via email
- File a report with your national cybercrime reporting body if funds were charged through a hijacked ad account
Frequently asked questions
How do I know if a Meta Business Suite alert is real?
Check the sender's domain and never click through a link in the message; instead, log into business.facebook.com directly and check your Page's actual quality or policy status there.
What should I do first if I already clicked a fake alert link and entered my password?
Change your Facebook password immediately from a trusted device, revoke active sessions in your security settings, and check your Business Manager for unfamiliar admins or payment methods.