MailGuard has intercepted a new phishing campaign impersonating Meta, designed to harvest personal information, Facebook login credentials and two‑factor authentication codes from page owners and business administrators. The emails claim the recipient’s Facebook Page is eligible for the blue verification badge and prompt them to complete a verification process to secure their identity and protect their brand.
The emails use the display name Meta Business Badge. The display and sending addresses follow a consistent pattern, with each message coming from a unique mailbox. The email claims the recipient’s Page is eligible for the Meta Verified badge and encourages them to register. The link in the email leads to a phishing site hosted on a non‑Meta domain.
Once the recipient clicks the link, they are taken to a phishing site that attempts to take their credentials.
The scam begins with an email claiming the user’s Page is eligible for the blue verification badge.
It uses Meta branding, a blue tick icon and a “Register Now” button to encourage action.
Victims are taken to a long information page outlining the benefits of Meta Verified, complete with promotional imagery and a “Get the Verified badge” button.
This step is designed to portray legitimacy.
The next page requests personal and business details, including full name, email addresses, mobile number and Page name.
This step is used to collect account information for fraudulent use.
A Facebook‑style login screen then prompts the victim to enter their username and password.
Here, the attackers validate the account and gain access.
A further page requests a two‑factor authentication code from the victim’s authenticator app, email or SMS.
This step appears to authenticate the process and raises no suspicions.
A confirmation message appears stating the verification request has been approved.
Clicking “Meta Verified” redirects the victim to the real Facebook login page, helping mask the attack.
Key indicators of the threat
Sender domain badgefacebook.com is not associated with Meta
Newly registered domains used to host the phishing flow
Requests for personal details, login credentials and SMS codes
Verification pages hosted on unfamiliar URLs
Final redirect to the legitimate Facebook login page to mask the attack
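The first and fourth indicators can be checked mechanically at the mail gateway. The following is an added example, not MailGuard's detection logic: the Meta domain allowlist is an illustrative assumption, and the sample messages, mailbox names and example.invalid link are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: illustrative, non-exhaustive allowlist of Meta-owned domains.
META_DOMAINS = {"facebook.com", "fb.com", "meta.com", "facebookmail.com"}
BRAND = re.compile(r"\b(meta|facebook)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_meta_domain(host):
    """True only for an allowlisted domain or a real subdomain of one.
    A bare suffix test would wrongly accept badgefacebook.com."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in META_DOMAINS)

def check_message(raw):
    """Return findings for a raw RFC 5322 message given as a string."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    if not BRAND.search(display + " " + msg.get("Subject", "")):
        return []  # message does not claim to be from Meta
    findings = []
    sender_domain = addr.rpartition("@")[2]
    if not is_meta_domain(sender_domain):
        findings.append(f"Meta-branded sender on non-Meta domain: {sender_domain}")
    body = "".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if not p.is_multipart())
    for url in URL.findall(body):
        host = urlparse(url).hostname
        if not is_meta_domain(host):
            findings.append(f"Meta-branded message links to non-Meta host: {host}")
    return findings

# Constructed samples. Only badgefacebook.com comes from the article; the
# mailbox names and the example.invalid link are placeholders.
PHISH = ('From: "Meta Business Badge" <notice-1@badgefacebook.com>\n'
         "Subject: Your Page is eligible for the blue verification badge\n\n"
         "Register Now: https://verify.example.invalid/register\n")
LEGIT = ("From: Facebook <notification@facebookmail.com>\n"
         "Subject: New activity on your Page\n\n"
         "View it at https://www.facebook.com/notifications\n")

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, check_message(raw))
```

The domain comparison requires an exact match or a dot-separated subdomain, which is why badgefacebook.com fails the check even though the string ends in facebook.com.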
Why this matters for businesses
This campaign is particularly dangerous for organisations that rely on Facebook Pages and Meta platforms for customer engagement, brand presence and advertising. A successful compromise can allow attackers to:
Take over Facebook Pages and remove legitimate administrators
Post fraudulent or misleading content
Run unauthorised or malicious ads
Message customers and followers from a trusted channel
Launch further phishing attacks using the compromised Page
With many staff members managing social media assets from corporate devices, a single phishing email can quickly escalate into a business‑level security incident.
MailGuard advises all recipients of these emails to delete them immediately without clicking on any links. Responding or providing personal details can lead to identity theft, data breaches, and financial losses.
Avoid emails that:
Many businesses turn to MailGuard after a near miss or incident. Don't wait until it's too late. Reach out to our team for a confidential discussion by emailing expert@mailguard.com.au or calling 1300 30 44 30.
All that it takes to devastate your business is a cleverly worded email message that can steal sensitive user credentials or disrupt your business operations. If scammers can trick one person in your company into clicking on a malicious link or attachment, they can gain access to your data or inflict damage on your business.
For a few dollars per staff member per month, you can protect your business with MailGuard's specialist AI-powered, zero-day email security. Special Ops for when speed matters! Our real-time, zero-day email threat detection amplifies our clients’ intelligence, knowledge, security and defence. Talk to a solution consultant at MailGuard today about securing your company's inboxes.