A recent wave of hacks targeting verified Facebook pages has raised concerns about the security of the platform. Several official-sounding pages, such as “Meta Ads” and “Meta Ads Manager,” were compromised and used to share suspicious links through ads approved by and purchased through Facebook. Social consultant Matt Navarra first spotted the scam, which likely targeted tens of thousands of users.
How did this ad get approved @Meta ?
😬
Verified account impersonating Meta tricking users into downloading shady tools pic.twitter.com/maPW6RWL3F
— Matt Navarra (@MattNavarra) May 4, 2023
In another case, a hacked account impersonating “Google AI” directed users to fake links for Bard, Google’s AI chatbot. The account, which previously belonged to Indian singer and actress Miss Pooja, had more than 7 million followers. Facebook now tracks and publicly displays a history of name changes for verified accounts, but this has not been enough to prevent these scams.
The most concerning aspect of these incidents is that the hacked pages were not only impersonating major tech companies, such as Meta and Google, but they were also able to purchase Facebook ads and distribute suspicious download links. Despite recent account name changes, Meta’s automated ads system approved these ads without issue.
All of the impersonator pages Navarra identified have since been disabled. This week, Meta shared a report on a recent spate of AI-themed malware scams targeting Facebook, Instagram, and WhatsApp users. Hackers have been posing as popular AI chatbot tools like ChatGPT to lure users into downloading malware, such as the DuckTail malware, which has been targeting businesses on Facebook for years.
It is possible that the compromised Facebook pages were a result of the DuckTail malware or similar threats. Meta has stated that it invests significant resources in detecting and preventing scams and hacks, but scammers continue to find ways to bypass security measures.
Impersonator accounts and compromised business pages have long been a challenge for businesses on Facebook and Instagram. Meta Verified, the company’s new verification program, aims to improve customer support for businesses that rely on its apps. However, the “proactive account protection” offered by the program comes at a cost of $14.99 per month, a price that many businesses will likely pay to avoid being inundated with scam accounts.
