Fake Meta/Facebook IT Helpdesk Credential Scam
Scammers impersonate Meta's internal IT or security operations team to contact Facebook employees or Business Suite users with phishing requests for 'mandatory security re-verification' that harvests corporate or personal credentials.
Part of: Fake IT Helpdesk Credential Scams
Last reviewed: 8 June 2026
Meta employs a large workforce and operates a sophisticated internal IT infrastructure. External attackers sometimes research Meta's organizational structure through LinkedIn to identify plausible internal IT team members to impersonate, then target Meta employees or Meta Business Suite administrators.
For the broader consumer audience, the same approach is adapted: messages impersonating 'Meta Security Operations' or 'Facebook Business Support IT' are sent to business page administrators claiming that a mandatory policy requires re-verification of their Business Manager account.
The goal in both cases is to harvest credentials for high-value accounts — Meta Business Manager accounts control significant advertising budgets and can be used to place fraudulent ad campaigns charged to the victim's card.
How this scam works on the Meta/Facebook brand
A Facebook Business page administrator receives an email from [email protected] stating that Meta's security team has flagged their Business Manager account for an irregular login and that re-verification is mandatory within 48 hours to avoid restrictions.
The email links to a page at meta-business-verify.com that displays a Meta-styled login form. After entering credentials, the victim is shown a fake 'verification in progress' screen. The attacker uses the stolen credentials to access the Business Manager, run fraudulent ads charged to the victim's billing method, and change the account's admin email to lock out the victim.
For actual Meta employees, spear-phishing attacks impersonate the internal IT help desk via LinkedIn InMail, directing targets to a fake internal portal.
Common red flags
- Meta IT and security communications to employees use internal channels — not external emails from domains like meta-business-hub.com.
- Meta Business Support contacts come from @meta.com or @facebookmail.com — any other domain is fraudulent.
- You are asked to sign in to a Business Manager verification page outside business.facebook.com or facebook.com.
- The message creates urgency around a 48-hour deadline for account re-verification.
- After entering credentials on the 'verification' page, you are shown a waiting screen rather than being signed in to a genuine dashboard.
- The linked portal requires you to enter both your password and your current two-factor code on the same page.
How to protect yourself
- Access Meta Business Manager only at business.facebook.com — typed directly into the browser.
- Enable two-factor authentication on your Meta Business accounts and use an authenticator app rather than SMS.
- If you entered credentials on a fraudulent page, immediately change your Facebook and Meta account passwords and review admin access in Business Manager settings.
- Review linked payment methods and pause any active ad campaigns to prevent fraudulent spend.
- Report the incident to Meta's Business Help Center at business.facebook.com/help.
How to report it
- Report the phishing attempt via Meta's Business Help Center at business.facebook.com/help.
- Report the domain to the Anti-Phishing Working Group at [email protected].
- Report financial losses to the FTC at ReportFraud.ftc.gov.
- UK businesses: report to Action Fraud at actionfraud.police.uk.
Frequently asked questions
How does Meta contact Business Manager administrators about genuine security issues?
Meta sends genuine Business Manager security alerts to the email address registered on the account from @facebookmail.com or @meta.com, and also shows notifications within the Business Manager dashboard at business.facebook.com.
My Meta Business Manager was compromised — how do I regain access?
Go to facebook.com/hacked if your personal Facebook account linked to the Business Manager is compromised, or follow the Business Manager recovery process at business.facebook.com/accountquality. Also contact Meta Business Support directly through the Help Center.
Can fraudulent ads run on my account cost me money?
Yes. If an attacker gains access to your Meta Business Manager, they can create and run ad campaigns charged to your saved payment method. Review your Billing section in Ads Manager immediately if you suspect compromise and remove the payment method until the account is secured.