Facebook Meta Business Phishing Attempts in ChatGPT
This query to both Gemini and ChatGPT was made as a result of continued emails we received at CharlesWorks indicating they were from Meta Business. They said someone was attempting admin access approval to purportedly manage a Facebook account that perhaps we managed. I suspected they were Facebook Meta Business phishing attempts messages although was not entirely sure. The AI systems both verified my suspicions.
Here is my ChatGPT raw conversation. The Gemini conversation was in the previous post.
I keep getting these emails indicating they are from Facebook and from what I gather, they are indications that someone is attempting to manage a Facebook page we are an admin on. I have marked them as phishing attempts. Is that what they are?
Yes — I would treat these as hostile/phishing attempts, even though this particular email appears to have been sent through Facebook/Meta’s real mail system.
That sounds contradictory, but here’s the key point: the email authentication looks legitimate, but the request itself is suspicious.
The headers show:
spf=pass
dkim=pass
dmarc=pass
smtp.mailfrom=business.facebook.com
From: "Facebook" <no*****@***************ok.com>
So this does not look like an ordinary spoofed email. It appears to have genuinely come from Meta/Facebook’s system. The uploaded email also says it was sent to su*****@**********ks.com and describes a Business Manager partner request.
However, the suspicious part is the requester and wording:
“This request is from: Meta Platforms, please see the support link above for more details.”
That is odd. A normal partner request should usually come from a real agency, client, marketing company, or known business — not vaguely from “Meta Platforms.” Also, the message includes m.me/111998437174036, which is a Messenger link, and the email itself warns that “Other links is not part of or affiliated with Meta.”
This matches a newer scam pattern where attackers abuse the real Meta Business Manager partner request system. In those cases, the notification can pass SPF, DKIM, and DMARC because Meta really sent the notification, but the attacker created the underlying business request to trick you into clicking or granting access. Security writeups in 2026 describe this exact tactic: real-looking Meta Business Manager partner request emails generated through legitimate Meta workflows, sometimes with phishing links or malicious business names embedded in the request. (Prophet Security)
So your instinct was right. 👍
Do not approve it. Do not click the email links. Instead, go directly in your browser to:
https://business.facebook.com/
Then check:
Business Settings → Requests → Received
If you see this request there and you do not recognize the business, decline it. If there is a report option, report it there as well.
My practical recommendation:
- Keep marking them as phishing/junk.
- Do not click “View request” from the email.
- Log into Meta Business Suite directly at
https://business.facebook.com/. - Decline any unknown partner requests.
- Review current Page/business admins and partners.
- Make sure every CharlesWorks Facebook admin has two-factor authentication enabled.
Bottom line: the email may be technically authentic, but the access request is almost certainly unwanted and potentially dangerous. It is the Facebook version of somebody rattling the doorknob while wearing a fake badge.