Verified Facebook accounts are being hacked, their usernames changed, and their posts display ads with fishy links bought through Facebook Ads.
Matt Navarra, a social consultant and industry specialist, brought this to public notice on Friday when he showed two separate examples of a scam taking place in broad daylight, or blue light, on Twitter. As Facebook now tracks names and displays past name change history for all verified accounts, this is what caught Matt Navarra’s attention.
Such hacked and verified accounts, including that of an Indian singer named Miss Pooja who has had an account on Facebook for the past 10 years, are being used to impersonate Meta itself among other official accounts.
The hacked verified pages are renamed to ‘Meta Ads’ and ‘Meta Ads Manager’, and they have been posting a link, asking the previous owners’ multitude of followers to click on the malicious link.
These posts have ‘Sponsored’ written below their name and have purchased Facebook ads to spread their reach for the malicious post. These accounts hide malware in simple files, mobile apps, or browser extensions as well as in popular topics to lure people into clicking on them and downloading the virus-infested file.
Another example included a similarly hacked verified account acting as ‘Google AI’ and duping users into clicking on a link leading to Bard AI, Google’s chatbot.
When you head to this page’s Page transparency, you can view its current name history which has been changed recently on April 29, 2023. This page was previously under an Indian actress called Miss Pooja for 10 years.
On May 3, Facebook released new updates to protect businesses from being hacked on their platform which includes a verification program among other improvements. They brought attention to how scammers go for personal accounts of people who manage businesses and have advertising accounts.
According to Facebook, such malicious activity focuses on today’s popular themes where users download malware on the promise of downloading ChatGPT, Google Bard, and other tools.
This does not help business owners on any front, as they might have to pay extra for valid customer support if they want their business to thrive scam-free on either Instagram or Facebook. If a business falls into such scams, then hackers can use paid promotion to reach out to thousands of people and trick them into clicking on malware links on official-looking posts.
Also read: Anonymous security researcher finds 655GB Capita database left exposed since 2016