
Phishing alert: Sophisticated scam targets businesses through Facebook ads

10:20

Kaspersky experts have uncovered a new phishing scam targeting businesses advertising on Facebook. Cybercriminals are impersonating Meta for Business, the platform dedicated to enterprise users, and sending fraudulent emails claiming that the recipient’s page contains prohibited content. These emails prompt businesses to provide sensitive information under the guise of unlocking their accounts and pages. The attackers’ ultimate goal is to gain access to these professional accounts.

Kaspersky’s anonymized data reveals that these fraudulent emails started reaching Facebook users on December 14, 2024. The phishing attempts have targeted businesses worldwide, including in France. A closer inspection of the sender field in the email shows that the domain used does not belong to Facebook. According to Kaspersky, the emails are distributed from multiple servers, further complicating detection.

The email includes a link that redirects potential victims to Facebook Messenger. There, attackers use a fake support account that appears legitimate to create a false sense of trust. While the account is labeled as a fan page, this detail can be easily overlooked, especially in high-stress scenarios where recipients fear losing access to their accounts due to alleged violations.

This scam stands out for its sophistication. Unlike older phishing methods that accused users of copyright infringement and solicited replies via email, this new tactic simulates internal communication on Facebook’s platform itself.

Andrey Kovtun, Email Threats Protection Group Manager at Kaspersky, highlights the escalating risk: “In 2025, we anticipate a rise in attacks leveraging social engineering and user trust in major platforms. These scams are becoming increasingly sophisticated, with attackers striving to closely replicate official services. We urge vigilance—verify the authenticity of messages, avoid clicking on suspicious links, and refrain from engaging with dubious accounts. Enabling additional security measures, such as two-factor authentication, is highly recommended. If you receive a similar email, report the incident to Facebook’s support team and immediately update your passwords if your information has been compromised.”

This discovery follows a previous report by Kaspersky of another phishing scheme on Facebook targeting business accounts.

