Scammers hack verified Facebook pages to impersonate Meta

If you see a verified page, complete with a blue check mark, on Facebook… don’t automatically assume that page is legitimate.

Mashable can confirm that several fake Facebook business pages have been masquerading as companies like Google and even Meta.

In all of the pages seen by Mashable, the verified Facebook pages appear to have been hacked, with their page name and Facebook URL changed last week. Some of these pages had millions of followers. Each shows a blue verification badge that says “Facebook has confirmed this profile is authentic.”

This is not a real and verified Meta Ads page. The page belonged to a school in Turkey and has been hacked.
Credit: Screenshot from Mashable

However, the most worrying thing is that every hacked page was approved to run ads on the Facebook network and it seems like everyone was doing it. It’s unclear how far these scam ads went and how many Facebook users have potentially fallen victim.

Scam ads direct users to click on a fake Google or Facebook URL that takes them to a fake Google Sites page that impersonates the company. Once on the page, the user is directed to download alleged Facebook ad tools or Google AI software, depending on which ad they clicked on. In the file links seen by Mashable, users were directed to a .rar file hosted on a Trello page that most likely contains malware.

This page belonged to the Indian singer Miss Pooja. It is not an official Google page.
Credit: Screenshot from Mashable

In every case seen by Mashable, page managers were added to these hacked pages from numerous countries that had no connection to the location of the page’s original owners. Although it doesn’t automatically indicate anything, since social media managers can be located anywhere, each hacked page included 3 page managers from Vietnam, a hotbed of scammer activity on Facebook as previously informed from Mashable.

Several hacked pages had millions of followers

The biggest hacked page seems to belong to Miss Pooja, a famous singer in India. The page has more than 7 million followers. On April 29, the name of the page was changed to “Google AI”. The URL was also changed to “facebook.com/Google.BardAI2”.

Facebook page details show name changes over time.
Credit: Screenshot from Mashable

On May 3, the page began running ads on Facebook, including one that included the copy “NOTICE This is the only and official Google Bard PAGE with verification, all other pages are fake.” The ads directed users to visit domains such as “aifuture.wiki” and “bardai.bio”.

The fake Google page posted it as an ad on Facebook.
Credit: Screenshot from Mashable

If a user clicked on one of these links, they were taken to one of the aforementioned fake Google Sites pages pretending to be an official Google website. For these particular ads, a user was directed to a page called “Google AI Marketing” where they were asked to “Download Google AI Marketing.” Clicking on this link would automatically download a malicious file “Google_AI_Marketing.rar”, which was hosted on Trello, a popular project management tool.

Ads on the fake Google page directed users to this fake website.
Credit: Screenshot from Mashable

Miss Pooja was not the only Indian star to be attacked. Indian singer-songwriter Babbu Maan also had his verified Facebook page, with 3 million followers, hacked. Maan’s page was soon changed to “Meta Ads”, which ran Facebook ads with copy similar to the fake Google page. These ads, however, were pushed to a “metaadstools.com” domain.

Babbu Maan’s original page URL was kept on fake meta ads page.
Credit: Screenshot from Mashable

Düzce Üniversitesi, a university in Turkey, also had its verified page with more than 28,000 followers hacked. Their Facebook page was also quickly disguised as the official “Meta Ads” page, complete with the Meta logo as a profile picture. He also started posting ads but on the domain “fbadstools.com”.

The two hacked pages impersonating Meta tried to trick users into downloading a “Meta Ads Manager” tool. The link would download a malicious file titled “Facebook_Ads_Manager.rar” that was also hosted on Trello.

A screenshot of the setup of the fake website to promote a malicious tool “Facebook Ads Manager”.
Credit: Screenshot from Mashable

Over the past few days, warnings about these fake pages began to spread to various software-as-a-service (SaaS) groups and social networks on Facebook. Matt Navarra, a prominent social media consultant, proceeded highlight the issue(opens in a new tab) also in the past day.

Mashable has reached out to Meta for more information. All hacked Facebook pages seen by Mashable have since been removed from the platform.

While the hacked Facebook pages all appear to have been verified by Facebook prior to their new paid verification system, Target verifiedthe new feature that allows users to pay for a blue check mark could cause additional problems.

Even if Meta specifically verifies each one, these latest hacks show how scammers can take over an existing verified page to trick users. And, with anyone now able to pay $15 for verification, the pool of potential targets for hackers to perpetuate their scams has just grown significantly.