[UPDATED 1st November 2025] We’ve created this mini-training with the best way to know for sure if an email you’ve received is from a scammer instead of Meta.
______________________________
Scammers pretending to be Facebook are nothing new, but we’re seeing an increase lately in emails to our clients masquerading as Facebook or Meta. It’s important to be aware of these phishing emails, and know how to tell if an email is from Facebook or a scammer.
While there are many variations, one of the most common (and enduring) we’ve seen is from the email address ‘messaging-service@post.xero.com’. This is actually the legitimate email address that’s used if invoices are sent via Xero, but in this case the email displays as being from the sender ‘Facebook’ or ‘Facebook Service’, with the subject ‘Meta Policy Infringement’.
Here’s an example:
These emails are designed to prompt you to click a link in the body of the email, so the scammer can capture your login details and compromise your Facebook account. However, there are several red flags in this email that show it’s from a scammer:
How to tell if an email is from Facebook or a scammer
- Facebook never sends emails via a third party (e.g. Xero).
- Often, poor grammar is used, and the email starts with ‘Greetings [page name]’ instead of your first name, or ‘Hello dear’.
- Right-click the sender’s name and look for the email address. If you can’t see it, start to ‘Forward’ the email (but don’t send it). You’ll then be able to clearly see the sender address. If it is not from one of Meta’s confirmed domains, it is from a scammer.
- In some circumstances, scammers may send you an email inviting you to join or give access to a business portfolio. Never click these emails unless you know why they were sent and were expecting them.
If you’re ever unsure if these emails are genuine or not, one way to check is to see if there are any notifications or alerts on your actual Facebook account.
You can also check this via your personal profile’s notifications, or in your business account. Navigate to ‘All tools’ and then ‘Account quality’, as shown below:

What to do if you clicked a Facebook scam link
If you HAVE clicked the link in an email like this, it will have likely taken you to a page that looks like Facebook. Usually, a popup or prompt will appear asking for your password.
If you entered your password, it’s important to change your password immediately. Make sure you have 2-factor authentication turned on. You can also check that no one else is logged in to your Facebook account, and if they are, you can follow Facebook’s steps to log them out.
Be aware of this and other phishing attempts, and keep your Facebook account secure.
____________________________________________
We’ve created this mini-training to show you exactly how to tell the difference between a real Meta email and a fake one — plus what to do if you’ve already clicked.
Need help to resolve a Meta account issue, hack or shutdown? Get in touch to arrange a free strategy call. We’re here to help!
