Day: June 3, 2026

Grok: Facebook Meta Business Phishing Attempts

Facebook Meta Business Phishing Attempts in Grok

These queries to Gemini, ChatGPT and Grok were made as a result of continued emails we had been receiving at CharlesWorks from Meta Business. They indicated someone was attempting admin access to manage a Facebook account that perhaps we managed. I suspected they were Facebook Meta Business phishing attempts messages although was not entirely sure. The AI systems all verified my suspicions.

Included with this prompt was a 15k text file containing the text from the email in question as well as its header information from my Outlook web mail. While my raw file was accepted in ChatGPT and Gemini, I had to change the file’s encoding for Grok to accept it. I originally received an error when trying to upload the text file:
{“code”:12,”message”:”Unsupported text encoding [WKE=file:type-not-supported]”,”details”:[]}

Here is my Grok raw conversation. The ChatGPT conversation and Gemini conversation were in my previous two posts.

I keep getting these emails indicating they are from Facebook and from what I gather, they are indications that someone is attempting to manage a Facebook page we are an admin on. I have marked them as phishing attempts. Is that what they are?

Grok AI logoYes, these are phishing/scam attempts, even though the emails themselves are technically sent by Meta’s real systems.

What’s happening:

Scammers create a fake Business Manager account (often with a deceptive name like “Meta Platforms” or something that sounds official) and send partner requests to your Facebook Page or ad account through Meta’s own platform. Meta then automatically generates and sends a legitimate notification email from no*****@***************ok.com.

This is why:
– The email passes SPF/DKIM/DMARC checks.
– The headers look authentic (as seen in your file).
– It includes real Meta branding and warnings about fraud.

The goal is to trick you into going to Business Suite and approving the partner request. If you do, the scammers gain access to your Page, ad accounts, pixels, etc., which they can then hijack, run unauthorized ads, steal money, or lock you out.

Specifics from your email:

– The “This request is from: Meta Platforms” part is the scammers abusing the system (they name their fake business something official-sounding).
– The m.me/111998437174036 link is suspicious (it’s just a generic Messenger link with no useful public info).
– The email includes the standard “Protect yourself from fraud” text — which is Meta’s own disclaimer, ironically being used against you.

What you should do:

1. Never approve unknown partner requests. Ignore or reject them in Business Suite.
2. Do not click any links in these emails. Instead, log in directly to [business.facebook.com](https://business.facebook.com) or the Meta Business Suite app (type the URL yourself).
3. Review your current partners and remove any you don’t recognize.
4. Check who has admin access to your Pages and ad accounts.
5. Enable extra security like two-factor authentication and login alerts.

You’re right to treat them as suspicious and mark them as phishing — that’s the correct instinct. Unfortunately, this is a widespread campaign right now, and Meta’s system makes it very convincing because the emails are genuine notifications about real (but malicious) requests.

If you go into Business Suite and see pending requests from unknown businesses, deny them immediately. Stay safe!

ChatGPT: Facebook Meta Business Phishing Attempts

Facebook Meta Business Phishing Attempts in ChatGPT

This query to both Gemini and ChatGPT was made as a result of continued emails we received at CharlesWorks indicating they were from Meta Business. They said someone was attempting admin access approval to purportedly manage a Facebook account that perhaps we managed. I suspected they were Facebook Meta Business phishing attempts messages although was not entirely sure. The AI systems both verified my suspicions.

Here is my ChatGPT raw conversation. The Gemini conversation was in the previous post.

I keep getting these emails indicating they are from Facebook and from what I gather, they are indications that someone is attempting to manage a Facebook page we are an admin on. I have marked them as phishing attempts. Is that what they are?

OpenAI ChatGPT LogoYes — I would treat these as hostile/phishing attempts, even though this particular email appears to have been sent through Facebook/Meta’s real mail system.

That sounds contradictory, but here’s the key point: the email authentication looks legitimate, but the request itself is suspicious.

The headers show:

spf=pass
dkim=pass
dmarc=pass
smtp.mailfrom=business.facebook.com
From: "Facebook" <no*****@***************ok.com>

So this does not look like an ordinary spoofed email. It appears to have genuinely come from Meta/Facebook’s system. The uploaded email also says it was sent to su*****@**********ks.com and describes a Business Manager partner request.

However, the suspicious part is the requester and wording:

“This request is from: Meta Platforms, please see the support link above for more details.”

That is odd. A normal partner request should usually come from a real agency, client, marketing company, or known business — not vaguely from “Meta Platforms.” Also, the message includes m.me/111998437174036, which is a Messenger link, and the email itself warns that “Other links is not part of or affiliated with Meta.”

This matches a newer scam pattern where attackers abuse the real Meta Business Manager partner request system. In those cases, the notification can pass SPF, DKIM, and DMARC because Meta really sent the notification, but the attacker created the underlying business request to trick you into clicking or granting access. Security writeups in 2026 describe this exact tactic: real-looking Meta Business Manager partner request emails generated through legitimate Meta workflows, sometimes with phishing links or malicious business names embedded in the request. (Prophet Security)

So your instinct was right. 👍

Do not approve it. Do not click the email links. Instead, go directly in your browser to:

https://business.facebook.com/

Then check:

Business Settings → Requests → Received

If you see this request there and you do not recognize the business, decline it. If there is a report option, report it there as well.

My practical recommendation:

  1. Keep marking them as phishing/junk.
  2. Do not click “View request” from the email.
  3. Log into Meta Business Suite directly at https://business.facebook.com/.
  4. Decline any unknown partner requests.
  5. Review current Page/business admins and partners.
  6. Make sure every CharlesWorks Facebook admin has two-factor authentication enabled.

Bottom line: the email may be technically authentic, but the access request is almost certainly unwanted and potentially dangerous. It is the Facebook version of somebody rattling the doorknob while wearing a fake badge.

Gemini: Facebook Meta Business Phishing Attempts

Facebook Meta Business Phishing Attempts in Gemini

These queries to Gemini and ChatGPT were made as a result of continued emails we had been receiving at CharlesWorks from Meta Business. They indicate someone was attempting admin access to manage a Facebook account that perhaps we managed. I suspected they were Facebook Meta Business phishing attempts messages although was not entirely sure. The AI systems verified my suspicions.

Included with this prompt was a 15k text file containing the text from the email in question as well as its header information from my Outlook web mail. Here is my Gemini raw conversation. My ChatGPT conversation on this topic follows in the next post and my Grok conversation follows in the one after that.

I keep getting these emails indicating they are from Facebook and from what I gather, they are indications that someone is attempting to manage a Facebook page we are an admin on. I have marked them as phishing attempts. Is that what they are?

Gemini AI LogoInterestingly, the email headers reveal that this specific message is actually technically legitimate, but the intent behind it is highly malicious.

You are completely right to treat this as a phishing and scam attempt. Here is the breakdown of what is happening.

The Technical Reality: It’s a “Legitimate” Notification

The email headers show that this message genuinely originated from Meta’s servers:

  • Sender Verification: The Authentication-Results show that SPF, DKIM, and DMARC all passed perfectly for the domain business.facebook.com.

  • Sender IP: The sending IP (66.220.144.149) belongs directly to Facebook.

This means a scammer did not spoof the email itself. Instead, they are exploiting Meta’s actual Business Manager system to send you a real notification for a fraudulent request.

The Scam: Rogue Partner Requests

Scammers routinely set up fake Meta Business accounts, naming them things like “Meta Platforms,” “Meta Security,” or “Community Support.”

They then flood random Business Manager IDs with “Partner Requests.” Because they are using the official platform, Meta automatically triggers a real notification email to you.

What Happens If You Approve It?

If you click through and accept the partnership request in your Meta Business Suite, you will manually grant the scammers admin-level access to your business assets. This allows them to:

  • Hijack your Facebook Pages.

  • Lock you out of your own accounts.

  • Run fraudulent advertisements using your attached credit lines or payment methods.

Why the Email Looks Weird

Take a look at the text inside the email body:

Your Business Is Approved for Partnership m.me/111998437174036 Other links is not part of or affiliated with Meta.

The text containing the random Messenger link (m.me/...) was typed into a customizable field by the scammer when they submitted the partner request. They are trying to trick you into clicking that chat link to pull you into a secondary phishing conversation.

What You Should Do

You handled this perfectly by marking it as phishing. To protect your business assets going forward:

  • Do Not Click Links: Avoid clicking any links inside these emails or the m.me chat links.

  • Check Meta Business Suite Directly: If you ever want to verify a request, open a browser window, log in as root/admin directly at business.facebook.com, and check your requests notifications dashboard there.

  • Reject and Report: If you see the request sitting in your actual Meta Business Suite, reject it immediately and report the requesting business entity to Meta.