PSA: Delete those "Business Manager partner request" Facebook emails immediately

Hackers are hijacking Facebook business pages and permanently disabling personal accounts using highly convincing “Business Manager partner request” emails.

These are not your typical typo-filled spam messages. They are actual notifications sent directly from Meta’s official [email protected] address, and they even carry a verified blue checkmark.

According to a detailed warning on r/facebook, the attack exploits Meta’s own partnership system. Scammers create a dummy business page with an incredibly long, deceptive name.

They name the page something like “Agency Partner Program is Meta’s partner network.” When they request access to your page, Facebook automatically generates an official email containing that exact text.

It looks completely legitimate. The OP claimed they fell for the trick early in the morning. They clicked the link, which opened a direct Messenger chat with the fake page.

From there, the attackers prompted them for an ID verification. The victim uploaded their driver’s license. The hackers used that ID to bypass two-factor authentication without triggering any email warnings.

Following that, the attackers transferred page permissions, locked the original owner out, and began posting stolen videos to farm monetization. They also got the victim’s 15-year-old personal account permanently disabled by posting illegal content.

This isn’t the only thread about these emails, either. Another thread is full of page owners complaining about the spam. A commenter said they are receiving up to ten of these requests a single day.

More discussions can be seen here and here.

This level of social engineering is not great, but it is becoming a common tactic. Just a few weeks ago, a highly targeted phishing scam compromised German officials on Signal by spoofing official support messages.

For now, the absolute best defense is to delete the emails completely. If you need to check your page settings, log into the Meta Business Suite manually.

Do not click the “View request” button in your inbox. Facebook is currently protecting the scammers through its automated architecture, so the only real protection is to avoid those links.

Featured image generated with AI

We stand out from the tech-media crowd because we break news stories; we mainly bring you stuff that you won’t find anywhere in the mainstream tech media. Our stories have been picked up by some of the world’s most popular websites and media outlets—more info is available here.