A sneaky phishing campaign hijacks a real business feature of Meta to send fraudulent emails because they actually come from Meta’s own address.


  • Huntress Uncovers Phishing Campaign Abusing Meta Business Account Email Infrastructure and Impersonating Meta Agency Partner Program
  • Victims were tricked into handing over their credentials, which the attackers exfiltrated to Telegram for account takeover, fraudulent advertising, and targeted phishing.
  • Meta has since added guardrails that have killed the campaign; Huntress has released IoCs to help organizations detect related activities

Hackers abuse this and impersonate another legitimate Meta service to try to steal login credentials from the company’s business accounts.

Meta, owner of Facebook, Instagram, WhatsApp and more, allows businesses to create separate accounts and talk to each other. Emails sent from one to the other pass through the company’s infrastructure, that is, they are displayed as coming from Meta itself.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top