Meta Mirage Report

Analysis by CTM360

Overview

Meta Mirage is a global phishing campaign targeting Meta Business Suite users with the intent to compromise high-value assets like verified brand pages, ad accounts, and administrator access. Unlike generic scams, this operation simulates Meta’s interface using over 14,000 phishing URLs and 24+ custom templates. Many of these phishing URLs are hosted on trusted cloud platforms such as GitHub Pages and Vercel, adding a layer of false legitimacy to the attacks.

By combining fake policy violation alerts, session hijacking techniques, and third-party exfiltration services, Meta Mirage reflects a sophisticated abuse of trust at scale. This makes the campaign a serious threat to digital brand owners and businesses, as it manipulates victims into revealing critical credentials and session data.