We’ve seen a new phishing attack doing the rounds and wanted to give you a quick heads up so your business doesn’t get caught out.
What’s happening
Scammers are sending Meta Business Manager partner requests to businesses on Facebook. Because the request comes through Meta’s own system, the notification email arrives from a legitimate Facebook domain, which makes it look real.
The catch: scammers have changed their business portfolio and profile names to include a phishing link (currently, we’re seeing variations of “agency-partner-community”). If you click through and accept, you risk handing over access to your Facebook business assets.
What to do
It’s simple: don’t accept any partner requests unless you’ve spoken to the person or business directly and you’re expecting it. That includes requests that appear to be from us. If you ever get one with our name on it and you weren’t expecting it, give us a call before clicking anything.
If you’re unsure about a request you’ve received, forward it to us, and we’ll take a look.
Read more
If you think you’ve already accepted a dodgy request, Meta has a guide on what to do next: What to do if you’ve been phished on Facebook.
If you want some quick, 10-minute cyber safety and awareness training, complete a Cyber Wardens course. They’ve got straightforward training for small businesses.
Stay safe out there – and as always, if something feels off, trust that instinct and check with us first.