In a recent wave of scams on Facebook, a number of verified pages were hacked and used to promote malware through ads that were approved and purchased on the platform. Some of these pages went so far as to impersonate Facebook itself, with names like “Meta Ads” and “Meta Ads Manager,” and shared suspicious links with tens of thousands of followers.
Social consultant Matt Navarra first discovered these ads and shared them on Twitter. In another instance, a hacked verified account that used to belong to Indian singer and actress Miss Pooja was changed to purport to be “Google AI” and pointed users to fake links for Bard, Google’s AI chatbot. This account had over 7 million followers and had been operational for at least a decade.
Although Facebook tracks and publicly displays a history of name changes for verified accounts, it seems that this safeguard wasn’t enough to flag these obvious scams. The most concerning aspect of these incidents is that the compromised pages were able to purchase Facebook ads and distribute suspicious download links. Despite recent account name changes, these ads were approved without issue in Meta’s automated ads system.
All the impersonator pages identified by Navarra have since been disabled, but this doesn’t solve the larger issue of compromised pages and impersonator accounts on Facebook and Instagram. To combat this problem, Meta has launched its verification program, Meta Verified, which promises “proactive account protection” for a monthly fee of $14.99. This higher level of customer support could be a lifeline for businesses that rely on Facebook and Instagram, but it’s yet another expense for them to bear.
According to a Meta spokesperson, the company invests significant resources into detecting and preventing scams and hacks. While many of the improvements the company has made are invisible to users, scammers are constantly finding ways to bypass its security measures. Meta’s recently released report on a spate of AI-themed malware scams indicates that attackers are increasingly using the popularity of AI chatbot tools like ChatGPT as a lure to get users to download malware.
This type of malware, known as DuckTail, has been targeting Facebook users since 2021, stealing browser cookies and hijacking logged-in Facebook sessions to steal information from users’ accounts. It’s possible that the Facebook pages that purchased malware-laden ads were compromised through DuckTail or similar malware.
While Meta continues to work on improving its security measures, it’s important for users to remain vigilant and avoid clicking on suspicious links. Businesses should also consider investing in Meta Verified to protect their accounts and avoid falling victim to these types of scams.