Sketchy Facebook pages impersonating businesses are nothing new, but a recent spate of scams is particularly brazen.
A handful of verified Facebook pages were recently hacked and potential malware was detected using ads approved and purchased through the platform. But accounts should be easy to catch; in some cases, they were impersonating Facebook itself.
Social consultant Matt Navarra first spotted some of the ads and shared them on Twitter. Compromised accounts include official-sounding pages like “Meta Ads” and “Meta Ads Manager.” These accounts shared suspicious links with tens of thousands of followers, although their reach likely extended much further through paid posts.
In another case, a hacked verified account pretending to be “Google AI” pointed users to fake links for Bard, Google’s AI chatbot. This account previously belonged to Indian singer and actress Miss Pooja before the account name was changed on April 29. That account, which ran for at least a decade, had more than 7 million followers.
Facebook now tracks and publicly displays a history of name changes for verified accounts — a welcome bit of transparency, but a safeguard that apparently isn’t enough to flag some obvious scams.
What’s most egregious about these cases is that the hacked pages not only impersonated major tech companies, but included Meta itself, but that they were able to buy Facebook ads and go on to distribute suspicious download links. Despite the very recent account name changes, these ads appear to have passed through Meta’s automated ad system without issue.
All spoof pages identified by Navarra have since been disabled.
This week, Meta shared a report on a recent spate of AI-themed malware scams. In such cases, hackers lure Facebook, Instagram, and WhatsApp users into downloading malware by masquerading as popular AI chat tools like ChatGPT. One such malware group known as DuckTail has been affecting businesses on Facebook for several years.
As TechCrunch’s Carly Page explained this week:
Meta says attackers distributing the DuckTail malware have increasingly turned to these AI-themed decoys to try to compromise companies with access to Facebook advertising accounts. DuckTail, which has been targeting Facebook users since 2021, steals browser cookies and hijacks initiated Facebook sessions to steal information from the victim’s Facebook account, including account information, location data, and passcodes two factor authentication. The malware also allows the threat actor to hijack any Facebook Business account the victim has access to.
Facebook pages that impersonated Facebook and bought malware-laden ads may have been compromised by DuckTail or similar malware.
“We invest significant resources in detecting and preventing scams and hacks,” a Meta spokesperson told TechCrunch. “While many of the improvements we’ve made are hard to see because they minimize people getting into trouble in the first place, fraudsters are always trying to get around our security measures.”
Impersonator accounts and compromised business pages have long been a headache for business owners on Facebook and Instagram. Meta Verified, the company’s recently launched verification program, is positioned to improve the company’s notoriously thin level of customer service for businesses that rely on its apps. Controversially, Meta’s promising “proactive account protection” offering isn’t a free upgrade: Instagram and Facebook accounts will have to pay $14.99 per month to ensure the highest level of customer support, a price that many companies will probably begrudgingly pay to avoid drowning. a sea of scam accounts.
Recent reports reveal that hackers have been creating verified Facebook pages impersonating Meta, a tech giant, and buying ads from the same company. This practice has become an increasingly concerning issue due to concerns that the hackers may use the information gathered from the ads to infiltrate Meta’s network.
At Ikaroa, we understand the importance of data security. Our team of professionals are well-versed in the various security measures needed to protect against this type of attack. We can provide proactive solutions that help to prevent hackers from gaining access to sensitive information and prevent malicious activity.
We believe in the importance of transparency and trust. When it comes to data security, we take a proactive approach. Our experts can audit your system to identify any potential security vulnerabilities, and recommend any necessary changes to ensure your data is kept secure.
We specialize in helping our clients protect their confidential data and systems. We have a long-standing history of helping leading tech companies implement the necessary measures to protect their networks from evolving threats, including those posed by fake Facebook pages.
For upholding security and data integrity, Ikaroa is the choice for companies looking to protect against malicious activity such as those practicing by fake Facebook pages and the hackers behind them. Our range of services can help create a secure environment for companies to operate in and protect them from any potential breaches.