Thursday, May 8, 2025

Hackers Use Fake Meta Emails to Steal Ad Account Credentials


A recent phishing campaign uncovered by the Cofense Phishing Defense Center (PDC) has been exploiting fake Meta emails to deceive users into surrendering their Meta Business account credentials.

The attackers initiate the phishing attempt by sending fraudulent emails disguised as official Instagram notifications, alerting users that their advertising accounts have been temporarily suspended due to alleged violations of advertising policies, including references to EU GDPR regulations.

Figure: Malicious Email

Sophisticated Phishing Campaign Targets Meta Business Users

According to the Cofense report, these deceptive emails feature subject lines such as “Critical Advertising Restrictions on Your Account,” creating urgency and prompting immediate action.


Users are instructed to click a button labeled “Check more Details,” leading them to a convincingly crafted fake webpage.

Although visually similar to legitimate Meta pages, careful examination reveals discrepancies in the URL, which directs victims to malicious domains like “businesshelp-manager[.]com” instead of authentic Meta domains.

Figure: Meta Phishing Page

Attackers Employ Fake Chat Support and Malicious Two-Factor Authentication

The phishing attack further escalates through sophisticated social engineering tactics involving fake chat support services.

Victims who follow the email link are prompted to enter personal information and engage with a seemingly authentic chatbot designed to mimic Meta’s customer support.

During these interactions, attackers request sensitive details such as screenshots of business account settings and personal information pages, ostensibly for verification purposes.

Additionally, the attackers attempt to gain persistent access by guiding victims through a fraudulent “System Check” procedure.

This method deceitfully instructs users on setting up Two-Factor Authentication (2FA) using an authenticator app controlled by the hackers themselves.

The malicious app, deceptively named “SYSTEM CHECK,” allows attackers to register their devices as trusted login methods, effectively hijacking the victim’s account.

In cases where victims do not engage with the chatbot support, attackers provide detailed step-by-step instructions disguised as self-help guides for resolving account suspension issues.

These instructions similarly lead users into unknowingly configuring malicious 2FA setups, granting attackers alternate avenues for account takeover.

This phishing campaign demonstrates a high degree of sophistication and meticulous attention to detail, leveraging realistic email templates, convincing landing pages, and interactive chatbot experiences.

Such tactics significantly increase the likelihood of successful credential theft and unauthorized account access.

Security experts urge businesses and individual users relying on social media platforms for advertising purposes to exercise heightened vigilance.

Users should meticulously verify sender addresses, carefully inspect URLs before interacting with links or buttons, and remain skeptical of unsolicited communications requesting sensitive information or immediate actions.
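The sender and URL checks recommended here, together with the domain discrepancy described earlier, can be automated during mail triage. The following Python is an added example, not code from Cofense or from this article; the domain allowlist, the sender address and the second link are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: illustrative allowlist of Meta-owned domains, not an exhaustive one.
META_DOMAINS = {"meta.com", "facebook.com", "instagram.com", "fb.com", "facebookmail.com"}
BRAND_WORDS = ("meta", "instagram", "facebook")

# Constructed sample: only the subject, button label and defanged domain are from the article.
SAMPLE = """\
From: Instagram <notice@mailer.example>
Subject: Critical Advertising Restrictions on Your Account
Content-Type: text/html; charset="utf-8"

<a href="https://businesshelp-manager[.]com/">Check more Details</a>
<a href="https://www.facebook.com/business/help">Help Center</a>
"""

def is_meta_host(host):
    host = host.lower().rstrip(".")  # exact match or true subdomain only
    return any(host == d or host.endswith("." + d) for d in META_DOMAINS)

class LinkHosts(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        try:  # refang defanged indicators so the URL parses
            self.hosts.append(urlsplit(href.replace("[.]", ".")).hostname or "")
        except ValueError:  # malformed URL: no host to compare
            pass

def triage(raw):
    """Return (finding, defanged host) pairs for a message that claims a Meta brand."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"] or ""))
    if not any(w in f"{display} {msg['Subject']}".lower() for w in BRAND_WORDS):
        return []  # no brand claim, so nothing to compare against
    body = msg.get_body(preferencelist=("html",))
    parser = LinkHosts()
    parser.feed(body.get_content() if body else "")
    hosts = [("sender-mismatch", addr.rpartition("@")[2])]
    hosts += [("link-off-brand", h) for h in parser.hosts]
    return [(k, h.replace(".", "[.]")) for k, h in hosts if h and not is_meta_host(h)]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, `triage` reports the off-brand sender domain and the phishing host in defanged form, and leaves the facebook.com link unflagged.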

Prompt reporting of suspicious activities is essential in mitigating potential damage from evolving cyber threats targeting social media credentials.


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cybercrime, malware, and vulnerabilities.
