When the phishing email is from Meta itself: anatomy of a Business Manager partner-request attack

May 18, 2026

Between 06:36 and 16:34 on May 5, 2026, the CyberHUB-AM mailbox received three separate Meta Business Manager partner requests from three different attacker-controlled Business Manager accounts. All three were addressed to [email protected]. All three arrived within roughly ten hours.

None of them were spoofed. Every email passed SPF, DKIM, and DMARC authentication. Every email originated from Facebook’s actual mail servers (66.220.144.144, 66.220.144.145, 69.171.232.131). Every link in every email pointed to business.facebook.com — Meta’s real domain.

This is not a conventional phishing attack. There is no fake sender, no lookalike domain, no header manipulation. The email genuinely is from Meta. And that is exactly what makes this campaign dangerous — and worth documenting publicly.

[SCREENSHOT 1: rendered partner-request email as it appears in the inbox]

If you run a Facebook Page or Instagram presence for a small business, NGO, or media outlet in Armenia, you are in the target population. Industry research from April 2026 documented over 40,000 of these messages reaching more than 5,000 organizations across the US, Europe, Canada, and Australia. We can now confirm that Armenian organizations are part of the target set.

Why traditional phishing detection fails here

The standard advice CyberHUB-AM teaches in journalist and NGO trainings — check the sender address, hover over links, verify the domain — is structurally blind to this attack class.

The attacker does not send the email. Meta does. The attacker performs one action inside Meta Business Manager: they send a partner request to your business. Meta’s own automated notification system then composes and delivers a perfectly authentic email to your inbox, signed by Facebook’s legitimate cryptographic keys.

What the attacker controls is not the envelope of the email — it is the content that Meta inserts into its template. Specifically, two fields:

  1. The Business Manager’s registered name (which appears in Meta’s anti-fraud disclaimer)
  2. The display name shown in the body of the request

Both fields are user-editable. Meta does not heavily moderate them. And the attackers have learned exactly how to abuse them.

Three techniques observed in the May 5 specimens

1. Disclaimer injection — the most novel finding

Meta’s notification system always renders this exact sentence inside the email:

[BUSINESS NAME] is not part of or affiliated with Meta. Only approve requests and invitations from people and businesses that you know and trust.

This is Meta’s anti-fraud disclaimer. It is supposed to warn you. The bold portion, the [BUSINESS NAME] slot, is whatever the requesting party registered as their business name.

In one of the three specimens we received, the attacker had registered their Business Manager under this name:

Agency Partner Program is Meta’s partner network, any other Program

When concatenated into Meta’s template, the rendered sentence becomes:

Agency Partner Program is Meta’s partner network, any other Program is not part of or affiliated with Meta.

A reader skimming the email parses this as: “The Agency Partner Program is Meta’s official partner network — only other programs are unaffiliated.” The attacker has converted Meta’s anti-fraud disclaimer into a self-endorsement, using nothing more than a creatively chosen business name.

This technique is conceptually similar to SQL injection — same logic, applied to a UI template instead of a database query. The attacker injects content that breaks the expected grammatical boundary of Meta’s template and causes it to produce a meaning opposite to its intent. We have not seen this technique documented in the public threat-intelligence literature on this campaign. It represents a meaningful evolution of the attack.

[SCREENSHOT 2: highlighted disclaimer with the bold portion clearly visible]

2. Dual-name asymmetry

The other two specimens used a subtler form of name manipulation. Each presented two slightly different names — one in the disclaimer, one in the body of the request:

  • “Agency Certified Network” / “Agency Certification Hub”
  • “Agency Endorsement Program” / “Agency Compliance Program”

The two names look like related parts of a single institution — a Network with a Hub, a Program with a Compliance arm. The asymmetry suggests organizational depth and legitimacy. As a side benefit, it defeats simple keyword filters: a block list for “Agency Certification Hub” does not match “Agency Certified Network.”

3. Templated trust vocabulary and typosquatted Messenger handles

Across the three specimens, the attackers’ name pool draws from a small, deliberate lexical set: Certified, Certification, Endorsement, Compliance, Partner, Program, Network, Hub. Every name follows the pattern [Authority Adjective] + [Institution Noun], and every name positions the Business Manager as Meta-adjacent.

The body of each request also embeds a Messenger handle for “follow-up”: m.me/Partnerprogramss (note the doubled s) and m.me/aPartnerplatfomprogram (note the misspelled “platfom”). These are typosquatted handles. The legitimate-looking variants are presumably already registered or reserved, so the attackers register near-misses that look correct under a quick read.
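Because the envelope, SPF, DKIM and DMARC are all genuinely Meta’s, the only signal left is in the attacker-controlled fields that Meta renders into its template. The following is an added example, not CyberHUB-AM tooling, that triages the text of a partner-request notification for the three techniques described above: a registered name that carries its own clause into the fixed disclaimer, a name in the disclaimer that differs from the name in the body, trust-vocabulary density, and m.me handles that are a short edit distance from a plausible spelling. The body template line (“… sent you a partner request”), the handle reference list and the scoring weights are assumptions; the sample messages are constructed, modelled on the names quoted in this article.

```python
"""Heuristic triage of Meta Business Manager partner-request notifications.

Added example, not CyberHUB-AM's or Meta's code. Only the attacker-controlled
fields are inspected; the mail headers are authentic and tell you nothing.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Trust vocabulary observed across the May 5 specimens.
TRUST_VOCAB = {"agency", "certified", "certification", "endorsement",
               "compliance", "partner", "program", "network", "hub"}
# Hypothetical reference spellings that a typosquatted handle would imitate.
HANDLE_REFERENCES = ["partnerprogram", "partnerplatformprogram"]
# Scoring weights (assumed, tune to your own mail volume).
W_INJECTED, W_ASYMMETRIC, TRUST_CAP, HANDLE_MAX_DISTANCE = 3, 2, 3, 3

FLAGS = re.IGNORECASE | re.MULTILINE
# Meta's fixed disclaimer; the captured name is whatever the requester registered.
DISCLAIMER_RE = re.compile(r"^(?P<name>.+?) is not part of or affiliated with Meta\.", FLAGS)
# Assumed body line; the exact wording of Meta's body template is not quoted in the article.
BODY_RE = re.compile(r"^(?P<name>.+?) sent you a partner request", FLAGS)
HANDLE_RE = re.compile(r"m\.me/([A-Za-z0-9_.]+)")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot near-miss (typosquatted) handles."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def disclaimer_injected(name: str) -> bool:
    """A benign business name is a noun phrase. A name that contains its own verb
    ('is'), a comma-joined clause, or the word 'Meta' rewrites the sentence that
    Meta inserts it into, which is the disclaimer-injection technique."""
    lowered = name.lower()
    return (" is " in f" {lowered} " or "," in name
            or re.search(r"\bmeta\b", lowered) is not None)


def typosquat_distance(handle: str) -> int:
    """Smallest edit distance from the handle to any reference spelling."""
    return min(levenshtein(handle.lower(), ref) for ref in HANDLE_REFERENCES)


@dataclass
class Finding:
    disclaimer_name: Optional[str]
    body_name: Optional[str]
    injected: bool
    asymmetric: bool
    trust_terms: List[str]
    handles: Dict[str, int]   # handle -> edit distance to nearest reference
    score: int


def triage(message: str) -> Finding:
    """Score one notification body; higher means more attacker tells present."""
    disc = DISCLAIMER_RE.search(message)
    body = BODY_RE.search(message)
    disc_name = disc.group("name").strip() if disc else None
    body_name = body.group("name").strip() if body else None
    injected = bool(disc_name) and disclaimer_injected(disc_name)
    # Dual-name asymmetry: registered name and displayed name do not agree.
    asymmetric = bool(disc_name and body_name) and disc_name.lower() != body_name.lower()
    words = set(re.findall(r"[a-z]+", f"{disc_name or ''} {body_name or ''}".lower()))
    trust_terms = sorted(words & TRUST_VOCAB)
    handles = {h: typosquat_distance(h) for h in HANDLE_RE.findall(message)}
    score = ((W_INJECTED if injected else 0) + (W_ASYMMETRIC if asymmetric else 0)
             + min(len(trust_terms), TRUST_CAP)
             + sum(1 for d in handles.values() if 0 < d <= HANDLE_MAX_DISTANCE))
    return Finding(disc_name, body_name, injected, asymmetric, trust_terms, handles, score)


# Constructed specimens, modelled on the names quoted in the article.
DISCLAIMER_TAIL = (" Only approve requests and invitations from people and "
                   "businesses that you know and trust.")
SPECIMEN_INJECTED = (
    "Agency Partner Program sent you a partner request.\n"
    "Agency Partner Program is Meta’s partner network, any other Program"
    " is not part of or affiliated with Meta." + DISCLAIMER_TAIL + "\n"
    "Questions? Message us at m.me/Partnerprogramss\n")
SPECIMEN_DUAL = (
    "Agency Certification Hub sent you a partner request.\n"
    "Agency Certified Network is not part of or affiliated with Meta." + DISCLAIMER_TAIL + "\n"
    "Questions? Message us at m.me/aPartnerplatfomprogram\n")
BENIGN = (
    "Acme Bakery sent you a partner request.\n"
    "Acme Bakery is not part of or affiliated with Meta." + DISCLAIMER_TAIL + "\n")

if __name__ == "__main__":
    for label, msg in [("injected", SPECIMEN_INJECTED), ("dual", SPECIMEN_DUAL), ("benign", BENIGN)]:
        print(label, triage(msg))
```

The regexes deliberately match Meta’s fixed wording rather than anything the attacker writes, so a name that swallows the first half of the disclaimer still lands in the captured group and trips the injection check. A score of zero means only that none of these three tells is present; the operational rule from the article still applies, and an unexpected partner request is hostile by default regardless of score.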

What the attacker actually wins

This attack does not steal your password. It does not bypass your two-factor authentication. It does something quieter and, in some ways, harder to recover from.

If you accept the partner request, the attacker’s Business Manager is granted persistent access to whatever assets you authorize — Pages, ad accounts, pixels, custom audiences, catalogs. From there, the documented playbook is:

  • Run their own ads on your ad account, drained against your credit line. Crypto scams, fraudulent dropshipping, and political disinformation are the most common payloads.
  • Post on your Page, hijacking the audience trust you spent years building.
  • Exfiltrate first-party audience data (custom audiences, lookalike seeds).
  • Escalate to admin replacement and full Page takeover.

For a marketing agency that manages Business Manager access for thirty or forty clients, a single account manager clicking “Approve” on a single email exposes every client. For a small NGO or media outlet, the consequence is reputational damage that propagates faster than recovery is possible.

What to do

  1. Treat every unexpected partner request as hostile by default. Do not approve any partner request you did not explicitly initiate or expect. There is no legitimate “Meta agency program” that solicits businesses through unsolicited Business Manager partner requests.
  2. Audit your existing partners. Go to Meta Business Suite → Settings → Partners. Remove anything you do not recognize.
  3. Do not click “View request” from the email. If you need to investigate a partner request, navigate to business.facebook.com directly and review pending requests there.
  4. Report the email to Meta at [email protected].
  5. Train every staff member with admin or editor access to your Page. The technical controls protecting your account do not protect against a colleague clicking Approve.