Product
A threat actor group is actively conducting a phishing campaign since November 2025, abusing Meta's legitimate Business Account Manager service to send emails from noreply@business.facebook.com containing malicious Google Sites URLs that redirect to sophisticated phishing pages, ultimately aiming to steal Meta account credentials, MFA codes, personal and business contact information, and identification documents from targeted businesses, with recent evolutions including a Facebook Messenger chatbot and exfiltration to Telegram.