Kaspersky experts have uncovered a new phishing scam targeting businesses that promote their pages on Facebook. Scammers send emails purporting to come from Meta for Business – Facebook’s platform for businesses – claiming that the recipient’s page contains prohibited content. The email asks recipients to provide an explanation so that their account and page can be unblocked. The goal of the attackers is likely to get access to users’ business accounts.
A scam email mimicking an ‘official’ Facebook communication claiming the user’s account page will be disabled
Kaspersky’s anonymized data shows that such emails started reaching users on December 14, with complaints coming from organizations all over the world, including the Middle East, Turkiye and Africa. Examining the “From” field of the email shows that the sender’s domain does not belong to Facebook. According to Kaspersky data, the emails in this campaign were sent from different domains.
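The “From” field check described above can be automated at a mail gateway or in triage tooling. The following is an added example, not part of the Kaspersky release; the trusted-domain list, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Assumption: illustrative allowlist of Meta sender domains, not from the article.
TRUSTED_DOMAINS = {"facebook.com", "facebookmail.com", "meta.com", "fb.com"}
BRAND = re.compile(r"\b(facebook|meta)\b", re.IGNORECASE)

def domain_is_trusted(domain, trusted=TRUSTED_DOMAINS):
    """Exact match or true subdomain only, so 'facebook.com.example.org' fails."""
    domain = domain.lower().rstrip(".")
    return any(domain == t or domain.endswith("." + t) for t in trusted)

def assess_sender(raw_message):
    """Return (verdict, from_domain) for a raw RFC 5322 message."""
    msg = message_from_string(raw_message, policy=default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    claims_brand = bool(BRAND.search(f"{display} {msg.get('Subject', '')}"))
    if not claims_brand:
        return "no-brand-claim", domain
    if not domain_is_trusted(domain):
        return "brand-impersonation", domain
    # A matching From domain is not proof: the header can be forged, so
    # SPF/DKIM/DMARC results still have to be checked.
    return "from-domain-matches", domain

def make(sender, subject):
    """Build a constructed sample message."""
    return f"From: {sender}\nSubject: {subject}\n\nbody\n"

# Constructed samples; the example.* domains are reserved placeholders.
SAMPLES = {
    "lure": make('"Meta for Business" <support@account-review.example.net>',
                 "Your page will be disabled"),
    "lookalike": make("Facebook Support <help@facebookmail.com.example.org>",
                      "Action required"),
    "genuine-looking": make("Facebook <notification@facebookmail.com>", "Login alert"),
    "unrelated": make("Alice <alice@example.com>", "Lunch on Friday"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, assess_sender(raw))
```

The lookalike sample shows why the comparison has to be anchored to the end of the domain: a substring match on “facebookmail.com” would wrongly accept it.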
The link in the email redirects users to Facebook Messenger. On Messenger, the account posing as Facebook’s support team appears legitimate, creating a false sense of trust. There is an indication that this is a fan page, but it is easy to miss in a situation of high stress after being accused of spreading illegitimate content.
The chat page with a presumed ‘Content Moderation Center’ on Facebook Messenger
This scheme stands out for its sophistication. Unlike earlier scams that accused users of copyright violations and directed them to respond via email, this approach simulates internal communication on the Facebook platform itself.
“In 2025, we anticipate a rise in attacks leveraging social engineering and user trust in major platforms. Scams like this are becoming more sophisticated as attackers strive to mimic official services closely. Users must remain vigilant, verify the authenticity of messages, and avoid clicking on suspicious links. We strongly advise users not to engage with suspicious accounts and to activate additional security measures, such as two-factor authentication. If you receive such an email, report the incident to Facebook’s support team and update your passwords immediately if any information has been compromised,” comments Andrey Kovtun, Email Threats Protection Group Manager at Kaspersky.
A few months ago, Kaspersky reported on another Facebook phishing scheme designed to hijack business accounts.
To be protected from such attacks, Kaspersky recommends:
• Always use two-factor authentication wherever possible
• Pay close attention to notifications about suspicious login attempts
• Make sure all your passwords are both strong and unique. To generate and store them, it’s best to use a password manager
• Carefully check the addresses of pages asking for account credentials: if there’s even the slightest suspicion that a site is fake, do not enter your password
• Equip all work devices with reliable protection that will warn of danger ahead of time and block the actions of both malware and browser extensions