Security · 1h ago
Phishing campaign abused Meta business feature to send legit-looking scam emails
Attackers hijacked a legitimate Meta business feature to send phishing emails that appeared to come from Meta's own address. The campaign targeted businesses using Meta's platforms, exploiting trust in official communications. Meta has since added additional safeguards to block the attack.
Meridian48 take
The incident highlights how even trusted communication channels can be weaponized, underscoring the need for multi-layered verification beyond sender addresses.
Read the full reporting
Devious phishing campaign hijacks a genuine Meta business feature to send scam emails — as they really do come from Meta's own address →
TechRadar
phishingmeta-security