A devious phishing campaign hijacks a genuine Meta business feature to send fraudulent emails as they actually come from Meta’s own address.



  • Huntress discovers a phishing campaign abusing Meta business account email infrastructure and impersonating the Meta Agency Partner Program
  • Victims were tricked into handing over credentials, which attackers exfiltrated to Telegram to take over accounts, serve fraudulent ads, and conduct spear phishing.
  • Meta has since added security barriers that killed the campaign; Huntress released IoC to help organizations detect related activities

Hackers are abusing one and posing as another legitimate Metaservice to try to steal login credentials for people’s business accounts at the company.

Meta, owner of Facebook, Instagram, WhatsApp and more, allows businesses to set up separate accounts and talk to each other. Emails sent from one to another pass through the company’s infrastructure, so they are shown as coming from Meta itself.

Leave a Comment

Your email address will not be published. Required fields are marked *