Sketchy Facebook pages impersonating businesses are nothing new, but a recent spate of scams is particularly audacious. A number of verified Facebook pages were hacked and used to distribute malware-laden ads purchased through the platform. The accounts should have been easy to catch: in some cases, they were impersonating Facebook itself.
The compromised accounts included official-sounding pages such as “Meta Ads” and “Meta Ads Manager,” which shared suspicious links with tens of thousands of followers, although their reach probably extended well beyond that through paid posts. Social consultant Matt Navarra first spotted some of the ads and shared them on Twitter.
In another instance, a hacked verified account purporting to be “Google AI” pointed users towards fake links for Bard, Google’s AI chatbot. The account previously belonged to Indian singer and actress Miss Pooja before its name was changed on April 29. It had operated for at least a decade and boasted more than seven million followers.
Facebook now tracks and publicly displays a history of name changes for verified accounts, but that safeguard apparently isn’t enough to flag some obvious scams. What’s most egregious in these cases is that the hacked pages were not only impersonating major tech companies, including Meta itself, but they were also able to purchase Facebook’s ads and distribute suspicious download links.
All of the impersonator pages Navarra identified have since been disabled, but the incident raises questions about Facebook’s security and the effectiveness of its automated ads system. Meta recently shared a report on a spate of AI-themed malware scams, with hackers posing as popular AI chatbot tools like ChatGPT to lure users into downloading malware.
The DuckTail malware, which has targeted Facebook users since 2021, steals browser cookies and hijacks logged-in Facebook sessions to extract information from the victim’s Facebook account, including account information, location data, and two-factor authentication codes. The malware also allows the threat actor to hijack any Facebook Business account that the victim has access to.
Impersonator accounts and compromised business pages have long been a headache for business owners across Facebook and Instagram. Meta Verified, the company’s newly launched verification program, is positioned to improve the company’s notoriously thin level of customer support for businesses that rely on its apps. However, the price of $14.99 per month for proactive account protection may be a barrier for small businesses.