The campaign primarily targets small and mid-sized businesses, advertising agencies, and social-media managers who use Meta Ads for their marketing.For these victims, losing access isn’t just an inconvenience — it means losing customers, visibility, and revenue.
Once an account is compromised, the attacker:
Even a single breach can cause significant financial and reputational harm.The operation’s global reach suggests a sophisticated and disciplined criminal enterprise.
Warning Signs
Recommended Actions
Use hardware-based MFA for all admins.
Require approval for billing or admin changes.
Detect fast sequences (login → payment → ad creation).
Verify all Meta messages directly inside Business Manager.
Read the full report
Phishing Operations Targeting Meta Business Accounts
Want to detect threats 8+ months earlier?
See how DarkArmor's PreBreach intelligence can protect your organization.
