Scammers hack verified Facebook pages to impersonate Meta and Google

Share

If you see a verified page, complete with the blue checkmark, on Facebook…don’t automatically assume that page is legit.

Mashable can confirm that a number of fake Facebook business pages have been masquerading as companies such as Google and even Meta itself.

In all of the pages viewed by Mashable, the verified Facebook pages appear to have been hacked, with their page name and Facebook URL changed in the past week. Some of these pages had millions of followers. Each display a blue verification badge that says “Facebook confirmed this profile is authentic.”

Hacked verified Facebook Page.
This is not a real, verified Meta Ads page. The page once belonged to a school in Turkey and has been hacked.
Credit: Mashable Screenshot

However, most concerning is that each hacked page was approved to run ads across Facebook’s network and every one appears to have been doing so. It’s unclear just how far reaching these scam ads went and how many Facebook users have potentially fallen victim.

The scam ads direct users to click a fake Google or Facebook URL where they are brought to a bogus Google Sites page impersonating the company. Once on the page, the user is directed to download supposed Facebook Ad tools or Google AI software, depending on which ad they clicked. In the file links viewed by Mashable, users were directed to a .rar file hosted on a Trello page which very likely contains malware.

Miss Pooja hacked page
This page once belonged to Indian singer Miss Pooja. It is not an official Google page.
Credit: Mashable Screenshot

In every case viewed by Mashable, page managers were added to these hacked pages from numerous countries that had no connection to the location of where the original page owners were based. While not automatically indicative of anything as social media managers can be located anywhere, each hacked page did include 3 page managers from Vietnam, a hotbed of scammer activity on Facebook as previously reported by Mashable.

Several hacked pages had millions of followers

The largest hacked page appears to have belonged to Miss Pooja, a famous singer in India. The page has over 7 million followers. On April 29, the page name was changed to “Google AI.” The URL was also changed to “facebook.com/Google.BardAI2”.

Miss Pooja page
The Facebook page details show the name changes over time.
Credit: Mashable Screenshot

On May 3, the page started running ads on Facebook, including one that included the copy “NOTIFICATION This is the only and official Google Bard PAGE with verification, all other pages are fake.” The ads directed users to visit domains like “aifuture.wiki” and “bardai.bio.” 

Fake Google page ad
The fake Google page ran this as an ad on Facebook.
Credit: Mashable Screenshot

If a user clicked on one of these links, they were taken to one of the aforementioned fake Google Sites pages purporting to be an official Google website. For these particular ads, a user was taken to a page titled “Google AI Marketing” where they were asked to “Download Google AI Marketing.” Clicking on that link would automatically download a malicious “Google_AI_Marketing.rar” file, which was hosted at Trello, a popular project management tool.

Fake Google page
The fake Google page’s ads directed users to this fake website.
Credit: Mashable Screenshot

Miss Pooja wasn’t the only star from India who was targeted. Indian singer-songwriter Babbu Maan also had his verified Facebook page, with 3 million followers, hacked. Maan’s page was soon changed to “Meta Ads,” which ran Facebook ads with similar copy as the fake Google page. These ads, however, pushed used to a “metaadstools.com” domain.

Fake Meta Ads page
Babbu Maan’s original page URL remained on the fake Meta Ads page.
Credit: Mashable Screenshot

Düzce Üniversitesi, a university in Turkey, also had its verified page with more than 28,000 followers, hacked. Its Facebook page was also quickly disguised as an official “Meta Ads” page, complete with the Meta logo as its profile picture. It too began running ads but to the domain “fbadstools.com.”

Both hacked page impersonating Meta attempted to trick users into downloading a “Meta Ads Manager” tool. The link would download a malicious file titled “Facebook_Ads_Manager.rar” which was also hosted at Trello.

Fake Facebook website
A screenshot of the fake website setup to promote a malicious “Facebook Ads Manager” tool.
Credit: Mashable screenshot

Over the past few days, warnings began to spread about these fake pages in various different Software-as-a-Service (SaaS) and social media groups on Facebook. Matt Navarra, a prominent social media consultant, proceeded to highlight the issue as well in the past day.

“We invest significant resources into detecting and preventing scams and hacks,” a Meta spokesperson said in a statement provided to Mashable. “While many of the improvements we’ve made are difficult to see – because they minimize people from having issues in the first place – scammers are always trying to get around our security measures. We regularly improve our methods for combating these scams and have built teams dedicated to improving the support we can offer to people and businesses.”

It should be noted as well that Meta released a security report about the concerning new types of malware it was seeing across its platform and the web as a whole just earlier this week. Some of the threats Meta described overlap with the type of scams being promoted by these pages.

All hacked Facebook pages that Mashable had viewed have since been removed from the platform.

While it appears that the hacked Facebook pages had all received verification from Facebook prior to its new paid verification system, Meta Verified, the new feature allowing users to pay for a blue checkmark could potentially cause additional problems. 

Even if Meta specifically verifies each one, these latest hacks show how scammers can take over an existing verified page to trick users. And, with anyone now able to pay $15 for verification, the pool of potential targets for hackers to go after to perpetuate their scams just grew significantly.

UPDATE: May. 5, 2023, 4:30 p.m. EDT This story was updated to include a statement from Meta.

Source : Scammers hack verified Facebook pages to impersonate Meta and Google