Sketchy Facebook pages impersonating businesses are nothing new, but a flurry of recent scams is particularly brazen.
A handful of verified Facebook pages were hacked recently and spotted slinging likely malware through ads approved by and purchased through the platform. But the accounts should be easy to catch — in some cases, they were impersonating Facebook itself.
Social consultant Matt Navarra first spotted some of the ads, sharing them on Twitter. The compromised accounts include official-sounding pages like "Meta Ads" and "Meta Ads Manager." Those accounts shared suspicious links to tens of thousands of followers, though their reach probably extended well beyond that through paid posts.
How did this ad get approved @Meta ?
Verified account impersonating Meta tricking users into downloading shady tools pic.twitter.com/maPW6RWL3F
— Matt Navarra (@MattNavarra) May 4, 2023
In another instance, a hacked verified account purporting to be "Google AI" pointed users toward fake links for Bard, Google's AI chatbot. That account previously belonged to Indian singer and actress Miss Pooja before the account name was changed on April 29. That account, which operated for at least a decade, boasted more than 7 million followers.
It gets worse…!
And it’s running are against the post! pic.twitter.com/fbe5utA53D
— Matt Navarra (@MattNavarra) May 5, 2023
Facebook now tracks and publicly displays a history of name changes for verified accounts — a welcome bit of transparency but a safeguard that apparently isn't enough to flag some obvious scams.
What's most egregious in these cases is that the hacked pages were not only impersonating major tech companies, including Meta itself, but that they were able to purchase Facebooks ads and go on to distribute suspicious download links. In spite of very recent account name changes, those ads were apparently approved without issue in Meta's automated ads system.
All of the impersonator pages Navarra identified have since been disabled.
This week, Meta shared a report on a recent spate of AI-themed malware scams. In those instances, hackers lure Facebook, Instagram and WhatsApp users to download malware by posing as popular AI chatbot tools like ChatGPT. One of those clusters of malware known as DuckTail has been plaguing businesses on Facebook for a few years now.
As TechCrunch's Carly Page explained this week:
Meta says that attackers distributing the DuckTail malware have increasingly turned to these AI-themed lures in an attempt to compromise businesses with access to Facebook ad accounts. DuckTail, which has targeted Facebook users since 2021, steals browser cookies and hijacks logged-in Facebook sessions to steal information from the victim’s Facebook account, including account information, location data and two-factor authentication codes. The malware also allows the threat actor to hijack any Facebook Business account that the victim has access to.
It's possible that the Facebook pages that impersonated Facebook and went on to buy malware-laden ads were compromised through DuckTail or malware like it.
"We invest significant resources into detecting and preventing scams and hacks," a Meta spokesperson told TechCrunch. "While many of the improvements we’ve made are difficult to see – because they minimize people from having issues in the first place – scammers are always trying to get around our security measures."
Impersonator accounts and compromised business pages have long been a headache for business owners across Facebook and Instagram. Meta Verified, the company's newly launched verification program, is positioned to improve the company's notoriously thin level of customer support for businesses that rely on its apps. Controversially, Meta's promising offer of "proactive account protection" isn't a free improvement — Instagram and Facebook accounts will need to pay $14.99 a month to secure the higher level of customer support, a price many businesses will likely begrudgingly pay to avoid drowning in a sea of scam accounts.