Over the past few days, many business owners, agencies, advertisers and Facebook Page administrators have reported receiving suspicious emails related to “Meta Partner Requests” and Facebook Business access invitations.
The emails often appear professional and convincing, sometimes even looking as if they were legitimately sent by Meta or Facebook systems. In several cases, the messages claim that another business wants to become a “partner” inside Meta Business Suite and requests access to Pages, ad accounts, pixels or other business assets.
At first glance, the notifications may seem authentic. However, cybersecurity researchers and digital agencies worldwide are warning that many of these requests are part of phishing and social engineering campaigns designed to steal access to Facebook Business accounts.
Why These Emails Look Legitimate
One of the reasons this scam is dangerous is because some requests are generated through real Meta Business tools or imitate official Meta communication very closely.
Scammers often use names such as:
- Meta Support
- Meta Platforms
- Business Protection
- Partner Support
- Meta Security Team
Some emails also include Messenger links, fake support pages or urgent warnings designed to pressure users into acting quickly.
Typical messages may claim:
- your Page is at risk
- policy violations were detected
- your account requires verification
- a business partner is requesting access
- advertising privileges may be suspended
The goal is usually the same: trick users into granting access or entering login credentials.
What Scammers Are Trying to Steal
These attacks mainly target:
- Facebook Pages
- Meta Business Manager accounts
- Instagram accounts
- Advertising accounts
- Pixels and datasets
- Payment methods
- Admin permissions
If attackers gain access, they may:
- run fraudulent advertising campaigns
- steal business assets
- lock legitimate owners out of accounts
- use compromised Pages for scams
- abuse stored payment methods
- impersonate businesses online
For agencies and companies managing client accounts, the risks can be even more serious.
Red Flags to Watch For
Here are some common warning signs:
- suspicious Messenger or shortened links
- urgent or threatening language
- requests to “verify” your account immediately
- unknown partner businesses
- strange business names
- poor grammar or inconsistent formatting
- requests asking for passwords or verification codes
One particularly important thing to remember:
Meta will never ask for your password, 2FA codes or payment information via email.
What To Do If You Clicked the Link
If you clicked a suspicious link but did not:
- enter your password
- approve partner access
- provide verification codes
- download suspicious files
then the risk is generally much lower.
However, it is still recommended to:
- change your Facebook password
- enable or verify two-factor authentication (2FA)
- review Business Manager permissions
- remove unknown partners or users
- review active login sessions
- monitor advertising activity
Inside Meta Business Suite, check:
- People
- Partners
- Pages
- Ad Accounts
- Payment Methods
- Instagram Accounts
If you notice unfamiliar users or permissions, remove them immediately.
Why Businesses Should Take This Seriously
This scam campaign appears to be affecting businesses worldwide, including agencies, e-commerce companies, media publishers and advertisers.
Even experienced users can be fooled because the emails often imitate official Meta branding very convincingly.
For companies managing multiple Pages or client assets, maintaining strong security practices is essential.
How to Stay Protected
To reduce the risk of compromise:
- always use two-factor authentication
- never approve unknown partner requests
- verify requests directly inside Meta Business Suite
- avoid clicking suspicious links in emails
- regularly audit admin permissions
- limit full admin access whenever possible
Training staff and clients to recognize phishing attempts is also increasingly important.
Final Thoughts
Fake Meta partner requests are becoming more common and more sophisticated.
While many of these emails are fraudulent, the good news is that most attacks can be avoided simply by staying cautious and verifying requests before approving access.
If you manage Facebook Pages, advertising accounts or business assets, always review partner invitations carefully and never grant permissions to unknown businesses.
About Web3 Digital
Web3 Digital is a Dubai-based digital agency specializing in:
- website development
- e-commerce solutions
- social media management
- SEO and digital marketing
- Web3 and blockchain services
- business automation and AI solutions
If your company needs help securing digital assets, managing social media infrastructure, building websites or improving online visibility, feel free to contact our team.
