Cybercriminals are constantly finding new ways to trick people into giving up sensitive information, and two scams that have recently gained attention involve fake Google security calls and deceptive Meta business account emails.
While both scams use different methods, they share a common goal: convincing victims that a trusted technology company is contacting them about an urgent issue. Understanding how these scams operate can help you avoid becoming their next target.
The Fake Google “Legacy Contact” Phone Scam
One of the more convincing scams currently making the rounds involves automated phone calls that appear to come from Google.
The calls often use spoofed caller IDs that display “Google” as the caller name, creating the illusion that the company is reaching out directly. Some versions of the scam are relatively generic, claiming suspicious activity has been detected on your account and instructing you to press a number for assistance.
A more sophisticated variation focuses on a supposed “legacy contact request” associated with your Google account.
The automated message claims that someone is attempting to gain access to your account by declaring that you are deceased. Victims are then told to press a button to speak with a “security department” or “legacy department” representative if they are still alive.
The message is designed to create panic and urgency, encouraging people to act before thinking critically about the claim.
Does Google Actually Have a Legacy Contact Feature?
The scam is partially based on a real Google feature, which is why it can appear believable.
Google offers a tool called the Inactive Account Manager. This feature allows users to decide in advance what should happen to their account if it remains inactive for a specified period of time.
Users can choose trusted contacts who may receive access to certain account information after months of inactivity. However, this process must be configured by the account owner beforehand.
What scammers fail to mention is that nobody can simply submit a request claiming a user is deceased and automatically gain access to their account.
In rare situations involving deceased users, Google may consider requests from family members, but such cases typically require legal documentation and, in some circumstances, court orders. It is not a process that can be triggered through a simple online request form.
Why the Call Is Clearly a Scam
There are several warning signs that expose the fake Google call.
First, Google does not operate a “legacy department” that contacts users regarding account inheritance requests.
Second, major technology companies rarely make unsolicited phone calls regarding account security. In many cases, users struggle to contact customer support directly, making it highly unlikely that a company would proactively call about such an issue.
Most importantly, the scam relies on fear and urgency. Any message claiming that someone is about to gain access to your account unless you immediately press a button should be treated with extreme suspicion.
If a victim follows the instructions, they are typically connected to a scammer who may attempt to steal financial information, request payments, or gain remote access to devices.
The Meta Business Manager Email Scam
Another growing threat involves fake business partnership requests sent through Meta’s systems.
Unlike many phishing attempts, these emails often appear legitimate because they are actually delivered through Meta’s official notification infrastructure. As a result, recipients may see what looks like a genuine Facebook or Meta email in their inbox.
The scam begins when cybercriminals create a fraudulent business account and send a partnership or business manager access request.
If accepted, the scammers could potentially gain access to valuable Facebook pages, advertising accounts, or business assets.
However, the real danger often lies elsewhere.
How Scammers Hide Phishing Links Inside Legitimate Emails
A particularly deceptive tactic involves manipulating the display name used in the business request.
Scammers create account names that resemble official Meta support services and embed phishing URLs within the name itself. When the notification email arrives, the fraudulent link appears prominently in the message, making it look like an official Meta resource.
To make the deception even more convincing, scammers have adapted their naming schemes to work around warning messages included in Meta’s emails.
For example, they may structure account names so that Meta’s disclaimer appears to read like part of a legitimate sentence rather than a warning. This subtle trick can make the email appear more authentic to unsuspecting users.
Clicking these links typically redirects victims to phishing websites designed to steal login credentials, personal information, or business account access.
Why These Scams Are Becoming More Effective
A growing trend in cybercrime involves abusing legitimate notification systems provided by trusted companies.
Rather than sending obvious fake emails from suspicious addresses, scammers increasingly use real notifications generated by platforms such as Meta, Google, and other major services.
Because the email originates from a legitimate source, spam filters may be less effective at identifying the threat. The malicious content is often hidden within account names, profile details, or user-generated fields that the platform allows scammers to customize.
This technique gives phishing attempts an extra layer of credibility that can make them more difficult to detect.
How to Protect Yourself
To stay safe from scams like these, follow a few simple guidelines:
Never Trust Unsolicited Security Calls
If you receive an unexpected call claiming to be from Google, Meta, or another major company, do not provide personal information or follow instructions immediately.
Instead, hang up and visit the company’s official website directly to verify whether any issue actually exists.
Be Cautious With Account Access Requests
If you manage Facebook pages, business accounts, or advertising assets, carefully review any partnership or access request before approving it.
Only grant permissions to people and organizations you know and trust.
Inspect Links Carefully
Even if an email appears to come from a legitimate company, avoid clicking links without verifying where they lead.
Cybercriminals increasingly exploit trusted platforms to distribute phishing content.
Watch for Fear-Based Messaging
Scammers frequently rely on urgency, fear, and emotional manipulation. Messages claiming immediate account compromise, inheritance requests, or security emergencies should always be treated with caution.
Final Thoughts
The latest Google and Meta scams demonstrate how cybercriminals continue to evolve their tactics. By blending real platform features with fabricated threats, scammers can create convincing messages that appear legitimate at first glance.
Whether it’s a fake Google call about a “legacy contact request” or a Meta business invitation hiding phishing links, the goal remains the same: trick users into giving away valuable information.
Staying informed, verifying communications through official channels, and maintaining a healthy level of skepticism are still the best defenses against modern online scams.