Popular and verified Facebook pages are becoming victims of cybercriminals, who are using them to distribute malware from ads. Hackers break into the accounts and change the names to something connected to Meta or Google. They then acquire space for publicity and focus their efforts on deceiving potential victims.
As soon as they take over the verified Facebook page, the scammers make posts in which they offer security alternatives to administrators of other pages of the social network. Here’s an example:
Due to security issues for future users, you can no longer manage ad accounts in the browser. Switch to a more professional and secure tool. In order for your work to be uninterrupted, download and use it now. The new Manager is packed with new features that can better reach your target audience and automatically optimize your ads…
The message comes with a download link, which is nothing more than a virus ready to disrupt the life of the user who downloads it.
Facebook was slow to notice the scams
One of the first people to notice this kind of hacking movement was social media consultant Matt Navarra. The professional pointed out what was happening on his Twitter profile, but felt even more concerned by the fact that Meta’s social network had not noticed the scams.
First, there’s the question of how verified accounts were hacked. There are pages, for example, with more than 7 million followers and a decade of life on the platform.
Also, it’s odd that Mark Zuckerberg’s company allowed the page to be renamed to something related to itself and still keep the verification badge, like the sample above. Ultimately, the scammers were able to buy Facebook ads from the hacked product, which suggests a lack of moderation on this issue.
It took a while, but he eventually realized
After Matt Navarra’s posts on May 4 and many Twitter users tagged Meta, the company began to move.
According to TechCrunch, all criminals who were exposed on social networks lost access to the pages, which were duly disabled. However, this is not to say that the invasions have stopped.
It’s also worth pointing out that Facebook tracks and displays the entire history of changing verified account names.
A Meta spokesperson spoke about what happened:
We invest significant resources in the detection and prevention of scams and hacks. While many of the improvements we’ve made are hard to see — because they minimize people’s problems in the first place — scammers are always trying to circumvent our security measures.