Facebook Meta Business Phishing Attempts in Grok
These queries to Gemini, ChatGPT and Grok were made as a result of continued emails we had been receiving at CharlesWorks from Meta Business. They indicated someone was attempting admin access to manage a Facebook account that perhaps we managed. I suspected they were Facebook Meta Business phishing attempt messages, although I was not entirely sure. The AI systems all verified my suspicions.
Included with this prompt was a 15k text file containing the text from the email in question as well as its header information from my Outlook web mail. While my raw file was accepted in ChatGPT and Gemini, I had to change the file’s encoding for Grok to accept it. I originally received an error when trying to upload the text file:
{"code":12,"message":"Unsupported text encoding [WKE=file:type-not-supported]","details":[]}
Here is my Grok raw conversation. The ChatGPT conversation and Gemini conversation were in my previous two posts.
I keep getting these emails indicating they are from Facebook and from what I gather, they are indications that someone is attempting to manage a Facebook page we are an admin on. I have marked them as phishing attempts. Is that what they are?
Yes, these are phishing/scam attempts, even though the emails themselves are technically sent by Meta’s real systems.
What’s happening:
Scammers create a fake Business Manager account (often with a deceptive name like “Meta Platforms” or something that sounds official) and send partner requests to your Facebook Page or ad account through Meta’s own platform. Meta then automatically generates and sends a legitimate notification email from no*****@***************ok.com.
This is why:
– The email passes SPF/DKIM/DMARC checks.
– The headers look authentic (as seen in your file).
– It includes real Meta branding and warnings about fraud.
The goal is to trick you into going to Business Suite and approving the partner request. If you do, the scammers gain access to your Page, ad accounts, pixels, etc., which they can then hijack, run unauthorized ads, steal money, or lock you out.
Specifics from your email:
– The “This request is from: Meta Platforms” part is the scammers abusing the system (they name their fake business something official-sounding).
– The m.me/111998437174036 link is suspicious (it’s just a generic Messenger link with no useful public info).
– The email includes the standard “Protect yourself from fraud” text — which is Meta’s own disclaimer, ironically being used against you.
What you should do:
1. Never approve unknown partner requests. Ignore or reject them in Business Suite.
2. Do not click any links in these emails. Instead, log in directly to [business.facebook.com](https://business.facebook.com) or the Meta Business Suite app (type the URL yourself).
3. Review your current partners and remove any you don’t recognize.
4. Check who has admin access to your Pages and ad accounts.
5. Enable extra security like two-factor authentication and login alerts.
You’re right to treat them as suspicious and mark them as phishing — that’s the correct instinct. Unfortunately, this is a widespread campaign right now, and Meta’s system makes it very convincing because the emails are genuine notifications about real (but malicious) requests.
If you go into Business Suite and see pending requests from unknown businesses, deny them immediately. Stay safe!
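The reply above notes that these notifications pass SPF/DKIM/DMARC, so mail authentication cannot separate them from benign requests. The following triage sketch is an added example, not part of the original post or the Grok conversation; it flags on the content of the request instead. The sample message, its placeholder domains, the subject line and the name pattern are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample (not the email from the post); domains are placeholders.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=platform.example; dkim=pass header.d=platform.example; dmarc=pass header.from=platform.example
From: Platform Notifications <notification@platform.example>
Subject: You have a new partner request
Content-Type: text/plain

A business wants to become a partner on your Page.
This request is from: Meta Platforms
Protect yourself from fraud.
"""

# Assumed review policy: names an outside requester should not be using.
OFFICIAL_SOUNDING = re.compile(r"\b(meta|facebook|instagram)\b", re.I)

def auth_results(msg):
    """Return e.g. {'spf': 'pass', 'dkim': 'pass', 'dmarc': 'pass'}."""
    header = msg.get("Authentication-Results", "")
    return {m.group(1).lower(): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}

def triage(raw):
    msg = message_from_string(raw)
    auth = auth_results(msg)
    body = msg.get_payload()
    m = re.search(r"^This request is from:\s*(.+)$", body, re.M)
    requester = m.group(1).strip() if m else None
    reasons = []
    if "partner request" in (msg.get("Subject", "") + "\n" + body).lower():
        reasons.append("asks for partner access")
    if requester and OFFICIAL_SOUNDING.search(requester):
        reasons.append(f"requester uses an official-sounding name: {requester}")
    # Passing authentication shows who sent the mail, not that the request is benign,
    # so it is reported but never used to clear a message.
    authenticated = all(auth.get(k) == "pass" for k in ("spf", "dkim", "dmarc"))
    verdict = "review in Business Suite, do not act from the email" if reasons else "no flags"
    return {"authenticated": authenticated, "requester": requester,
            "reasons": reasons, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the constructed sample the message is fully authenticated and still flagged for both reasons, which is the situation the reply describes.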