Beware The Facebook Partner Request Scam

Pineville NC Chamber May 11, 2026

The Facebook Partner Request Scam is extremely common and highly sophisticated. Scammers routinely send tens of thousands of phishing emails, often leveraging legitimate Meta servers to send fake notifications. This widespread tactic tricks users into handing over control of their business pages, ad accounts, and personal data.

How the Scam Works

• The "Urgent" Hook: You receive an email stating your Business Manager access is restricted, a partner request is waiting, or your account will be suspended.
• The Legitimate Loophole: Scammers open real Meta Business Manager accounts and name their business threatening phrases like "⚠️ Your accounts will be locked." Meta’s automated servers then generate a genuine notification that lands in your inbox.
• The Trap: The message directs you to a fake website (made to look exactly like Meta or Facebook) designed to steal your login credentials or two-factor authentication codes

To avoid the Facebook/Meta Business Partner request scam, never click email links to review or accept access. Scammers exploit Meta's own systems to send legitimate-looking email notifications that contain requests to hijack your business assets.

Concrete Examples & Red Flags

• Fake Urgent Warnings: Messages claiming "Your page will be deleted in 24 hours due to policy violations".
• Lookalike Domains: Phishing emails sent from addresses that look legitimate at first glance, but do not actually come from official @fb.com or @meta.com domains.
• No Pending Requests: If you get a notification but see no actual pending requests when logging into Meta Business Suite, it is a scam. [1, 2, 3, 4]

How to Protect Yourself

• Verify before clicking: Never click links in emails claiming to be from Facebook or Meta. Instead, manually navigate directly to your Meta Business Manager or Facebook Security and Login Settings to check for real alerts.
• Check the sender: Legitimate Meta emails only originate from specific domains like @fb.com, @meta.com, @account.meta.com, or @facebookmail.com.
• Never give up 2FA codes: Meta will never ask you to provide your password or two-factor authentication codes over email or messages.
• Report the attempt: Forward suspicious emails directly to Meta at phish@fb.com

Follow this step-by-step approach to identify and neutralize the threat.

1. The Verification Process

Instead of clicking the email link, manually verify if the request is real:

• Open a fresh browser tab and navigate directly to Meta Business Suite.
• Navigate to Settings \(\rightarrow \) Business Settings \(\rightarrow \) Requests \(\rightarrow \) Received.
• If the request is not listed in your official Meta dashboard, the email is a phishing attempt.

2. Warning Signs to Look For

Scammers use specific psychological and technical tricks to panic victims into clicking malicious links: [1]

• Urgency and Threats: Emails claiming "your account will be disabled" or "ad access will be restricted" in the next 24-48 hours.
• Messenger Links: The "Accept" button inside the scam email redirects to a Messenger (m.me) link instead of a secure Business Manager portal.
• Fake Business Names: The sender may name their dummy business something like "⚠️ FINAL NOTICE: PAGE RESTRICTED" so that the text appears threateningly in the email body.

3. Immediate Actions if You Clicked

If you mistakenly clicked a link or accepted an unknown partner request:

• Remove the Partner: Go to Meta Business Suite, go to Settings \(\rightarrow \) Partners or Users, select the unrecognized entity, and click Remove.
• Secure Your Account: Change your Facebook password immediately and ensure Two-Factor Authentication is turned on.
• Check Payment Methods: Navigate to your Meta Ads Manager Billing to ensure the scammer hasn’t added unauthorized payment methods or run ads on your dime.

4. Official Communication Channels

If Meta ever needs to contact you regarding policy violations, account restrictions, or partner updates, you can always view those messages directly on the official Meta Support Inbox. Official communications from Meta will only originate from email domains ending in fb.com, facebook.com, facebookmail.com, instagram.com, meta.com, or metamail.

The information in this article was compiled with the help of AI and is solely meant for informational purposes only. Readers should use their own judgment on actions regarding email security.