Back to Phishing Attacks Using Real Company Notifications

This is a version of Phishing Attacks Using Real Company Notifications.

Facebook Invite Email to Join Meta Business Portfolio Scam

Users report receiving legitimate-looking Facebook emails inviting them to join a “Meta Business Portfolio” with a clickable link embedded in the business name. The business name often contains or mimics a URL (for example, something like advertiser-credit.surge.sh or similar). Because the email is sent through Facebook’s official notification system, it appears completely authentic. However, clicking the link leads to a fake Meta login page that perfectly imitates the real one, prompting users to enter their password — which is then stolen.

Facebook Invite Email to Join Meta Business Portfolio Scam | Primary Image

What’s different in this version

These traits set this message apart from the usual pattern.

  1. Attackers use official Facebook notification emails to distribute phishing links.

  2. The “business portfolio name” contains a malicious URL.

  3. The linked site perfectly copies Meta’s branding and login page.

  4. Prompts users to "confirm password," stealing credentials when entered.

  5. Variants may use names like “Free Advertising Credit,” “Meta Partner Portal,” or other trust-building phrases.

  6. Many users may search “Facebook business invite email scam” or similar after seeing the message.

How this scam works

  1. 1

    Step 1: Scammers create fake profiles, business pages, or events and set their name to a phishing website’s address.

  2. 2

    Step 2: The real company (such as Facebook, Google, Microsoft, etc.) sends out official notifications or invites containing these names and links.

  3. 3

    Step 3: The user receives an authentic-looking email from a known company, with what appears to be a normal group, page, or invite name, but is actually a scam link.

  4. 4

    Step 4: If the user clicks the link, they are sent to a convincing fake login or landing page that requests personal or login information.

  5. 5

    Step 5: Any details entered are stolen by the scammers.

✓ Do this

  • Always check carefully before clicking on links in emails, even if a message comes from a trusted company.
  • Hover your mouse over links to see where they really go.
  • When in doubt, visit the company’s website by typing the address into your browser instead of clicking links.
  • Contact the company directly using their official website if you receive a suspicious notification.

✗ Avoid this

  • Never enter passwords on a website you reached by clicking a suspicious or unfamiliar link—even if the email looks official.
  • Do not trust notifications that reference strange group, page, or business names or website addresses.
  • Avoid logging in through links in emails if you’re not expecting an invitation or message.

Verbatim excerpts from the scam

Exact lines from emails or messages—searchable text so you can compare wording.

  1. 1 Excerpt 1
    "You're invited to join [Business Name / URL]"
  2. 2 Excerpt 2
    "Meta Ads Center invited you to join the [Business Name / URL] business portfolio. You may need to login with your managed Meta account..."