Gemini: Facebook Meta Business Phishing Attempts

Facebook Meta Business Phishing Attempts in Gemini

These queries to Gemini and ChatGPT were made as a result of continued emails we had been receiving at CharlesWorks from Meta Business. They indicate someone was attempting admin access to manage a Facebook account that perhaps we managed. I suspected they were Facebook Meta Business phishing attempts messages although was not entirely sure. The AI systems verified my suspicions.

Included with this prompt was a 15k text file containing the text from the email in question as well as its header information from my Outlook web mail. Here is my Gemini raw conversation. My ChatGPT conversation on this topic follows in the next post and my Grok conversation follows in the one after that.

I keep getting these emails indicating they are from Facebook and from what I gather, they are indications that someone is attempting to manage a Facebook page we are an admin on. I have marked them as phishing attempts. Is that what they are?

Gemini AI LogoInterestingly, the email headers reveal that this specific message is actually technically legitimate, but the intent behind it is highly malicious.

You are completely right to treat this as a phishing and scam attempt. Here is the breakdown of what is happening.

The Technical Reality: It’s a “Legitimate” Notification

The email headers show that this message genuinely originated from Meta’s servers:

  • Sender Verification: The Authentication-Results show that SPF, DKIM, and DMARC all passed perfectly for the domain business.facebook.com.

  • Sender IP: The sending IP (66.220.144.149) belongs directly to Facebook.

This means a scammer did not spoof the email itself. Instead, they are exploiting Meta’s actual Business Manager system to send you a real notification for a fraudulent request.

The Scam: Rogue Partner Requests

Scammers routinely set up fake Meta Business accounts, naming them things like “Meta Platforms,” “Meta Security,” or “Community Support.”

They then flood random Business Manager IDs with “Partner Requests.” Because they are using the official platform, Meta automatically triggers a real notification email to you.

What Happens If You Approve It?

If you click through and accept the partnership request in your Meta Business Suite, you will manually grant the scammers admin-level access to your business assets. This allows them to:

  • Hijack your Facebook Pages.

  • Lock you out of your own accounts.

  • Run fraudulent advertisements using your attached credit lines or payment methods.

Why the Email Looks Weird

Take a look at the text inside the email body:

Your Business Is Approved for Partnership m.me/111998437174036 Other links is not part of or affiliated with Meta.

The text containing the random Messenger link (m.me/...) was typed into a customizable field by the scammer when they submitted the partner request. They are trying to trick you into clicking that chat link to pull you into a secondary phishing conversation.

What You Should Do

You handled this perfectly by marking it as phishing. To protect your business assets going forward:

  • Do Not Click Links: Avoid clicking any links inside these emails or the m.me chat links.

  • Check Meta Business Suite Directly: If you ever want to verify a request, open a browser window, log in as root/admin directly at business.facebook.com, and check your requests notifications dashboard there.

  • Reject and Report: If you see the request sitting in your actual Meta Business Suite, reject it immediately and report the requesting business entity to Meta.

Leave a Reply

Your email address will not be published. Required fields are marked *