Warning: Fake Meta Emails Target Advertisers to Steal Login Credentials

New Phishing Scam Targets Meta Advertisers with Fake Account Suspension Alerts 

A sophisticated phishing campaign is targeting businesses that advertise on Meta platforms, tricking users with fraudulent emails claiming, "YOUR ADS ARE TEMPORARILY SUSPENDED."

How the Scam Works 

  • Victims receive an urgent email citing alleged Instagram Advertising Policy and GDPR violations, pressuring them to act quickly. 
  • The email, disguised with Instagram branding and official-sounding language, urges recipients to click a "Check more details" button. 
  • However, the sender address reveals its fraudulent nature. 

Sophisticated Account Takeover Tactics 

  • Clicking the link redirects users to a fake Meta Business Help page (e.g., “businesshelpmanager.com”) designed to mimic real Meta support. 
  • The page warns of imminent account suspension, coercing users into engaging with a fake support chat or following deceptive recovery steps. 
  • The ultimate goal? Tricking victims into adding the attacker’s “SYSTEM CHECK” authenticator app as a two-factor authentication (2FA) method, granting hackers persistent access. 

The Final Trap: Credential Theft 

  • Users are asked to click “Activate System Check”, which resets their session and leads to a cloned Meta login page. 
  • Entering credentials here hands full control to the attackers. 
  • The phishing infrastructure includes multiple domain redirects and IP addresses, such as 44.238.235.1 and 52.35.19.120, to evade detection. 

The chat support experience is especially convincing, with attackers asking for business account screenshots, explaining the supposed violations, and requesting personal information from victims. 

All the interactions in this report appear legitimate to unsuspecting users. 

How to Stay Safe 

  • Verify email senders: legitimate Meta emails won’t come from unknown domains. 
  • Check URLs carefully before logging in or clicking links. 
  • Never add unknown authenticator apps to your account. 
  • Contact Meta directly through official channels if you receive suspicious notifications. 
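
The sender and URL checks above can be automated when triaging reported emails. The following Python is an added example, not part of the original article; the trusted-domain list, the sample message and its `.example` addresses are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains treated as Meta-owned; confirm against Meta's own guidance.
TRUSTED = {"facebook.com", "facebookmail.com", "instagram.com", "meta.com"}

# Constructed sample; only businesshelpmanager.com comes from the article.
SAMPLE = """\
From: Instagram Ads <notice@ads-review.example>
Subject: YOUR ADS ARE TEMPORARILY SUSPENDED
Content-Type: text/html; charset="utf-8"

<a href="https://businesshelpmanager.com/case">Check more details</a>
<a href="https://facebook.com.help-center.example/login">Appeal</a>
<a href="https://www.facebook.com/business/help">Help Center</a>
"""

def is_trusted(host):
    """Exact match or true subdomain only; a bare endswith() would accept
    'notfacebook.com', and a substring test 'facebook.com.evil.example'."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        host = urlsplit(dict(attrs).get("href") or "").hostname if tag == "a" else None
        if host:
            self.hosts.append(host)

def triage(raw_email):
    """Return findings for an RFC 5322 message; empty list means nothing flagged."""
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    findings = [] if is_trusted(sender) else [f"sender domain not trusted: {sender}"]
    links = LinkHosts()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            links.feed(part.get_payload(decode=True).decode(charset, "replace"))
    findings += [f"link host not trusted: {h}" for h in links.hosts if not is_trusted(h)]
    return findings
```

Calling `triage(SAMPLE)` flags the sender and the two off-domain links while leaving the genuine `www.facebook.com` link alone.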

This campaign underscores the growing sophistication of phishing attacks—stay alert to protect your business and online presence. 
