Facebook’s verification program criticized as scammers continue to exploit pages and ads

Share via:

Sketchy Facebook pages impersonating businesses are nothing new, but a recent spate of scams is particularly audacious. A number of verified Facebook pages were hacked and used to distribute malware-laden ads purchased through the platform. The accounts should have been easy to catch, in some cases, they were impersonating Facebook itself.

The compromised accounts included official-sounding pages such as “Meta Ads” and “Meta Ads Manager,” which shared suspicious links with tens of thousands of followers, although their reach probably extended well beyond that through paid posts. Social consultant Matt Navarra first spotted some of the ads and shared them on Twitter.

In another instance, a hacked verified account purporting to be “Google AI” pointed users towards fake links for Bard, Google’s AI chatbot. That account previously belonged to Indian singer and actress Miss Pooja before the account name was changed on April 29. That account, which operated for at least a decade, boasted more than seven million followers.

Facebook now tracks and publicly displays a history of name changes for verified accounts, but that safeguard apparently isn’t enough to flag some obvious scams. What’s most egregious in these cases is that the hacked pages were not only impersonating major tech companies, including Meta itself, but they were also able to purchase Facebook’s ads and distribute suspicious download links.

All of the impersonator pages Navarra identified have since been disabled, but the incident raises questions about Facebook’s security and the effectiveness of its automated ads system. Meta has recently shared a report on a spate of AI-themed malware scams, with hackers posing as popular AI chatbot tools like ChatGPT to lure users into downloading malware.

The DuckTail malware, which has targeted Facebook users since 2021, steals browser cookies and hijacks logged-in Facebook sessions to steal information from the victim’s Facebook account, including account information, location data, and two-factor authentication codes. The malware also allows the threat actor to hijack any Facebook Business account that the victim has access to.

“We invest significant resources into detecting and preventing scams and hacks,” a Meta spokesperson told TechCrunch. “While many of the improvements we’ve made are difficult to see because they minimize people from having issues in the first place, scammers are always trying to get around our security measures.”

Impersonator accounts and compromised business pages have long been a headache for business owners across Facebook and Instagram. Meta Verified, the company’s newly launched verification program, is positioned to improve the company’s notoriously thin level of customer support for businesses that rely on its apps. However, the price of $14.99 per month for proactive account protection may be a barrier for small businesses.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Facebook’s verification program criticized as scammers continue to exploit pages and ads

Sketchy Facebook pages impersonating businesses are nothing new, but a recent spate of scams is particularly audacious. A number of verified Facebook pages were hacked and used to distribute malware-laden ads purchased through the platform. The accounts should have been easy to catch, in some cases, they were impersonating Facebook itself.

The compromised accounts included official-sounding pages such as “Meta Ads” and “Meta Ads Manager,” which shared suspicious links with tens of thousands of followers, although their reach probably extended well beyond that through paid posts. Social consultant Matt Navarra first spotted some of the ads and shared them on Twitter.

In another instance, a hacked verified account purporting to be “Google AI” pointed users towards fake links for Bard, Google’s AI chatbot. That account previously belonged to Indian singer and actress Miss Pooja before the account name was changed on April 29. That account, which operated for at least a decade, boasted more than seven million followers.

Facebook now tracks and publicly displays a history of name changes for verified accounts, but that safeguard apparently isn’t enough to flag some obvious scams. What’s most egregious in these cases is that the hacked pages were not only impersonating major tech companies, including Meta itself, but they were also able to purchase Facebook’s ads and distribute suspicious download links.

All of the impersonator pages Navarra identified have since been disabled, but the incident raises questions about Facebook’s security and the effectiveness of its automated ads system. Meta has recently shared a report on a spate of AI-themed malware scams, with hackers posing as popular AI chatbot tools like ChatGPT to lure users into downloading malware.

The DuckTail malware, which has targeted Facebook users since 2021, steals browser cookies and hijacks logged-in Facebook sessions to steal information from the victim’s Facebook account, including account information, location data, and two-factor authentication codes. The malware also allows the threat actor to hijack any Facebook Business account that the victim has access to.

“We invest significant resources into detecting and preventing scams and hacks,” a Meta spokesperson told TechCrunch. “While many of the improvements we’ve made are difficult to see because they minimize people from having issues in the first place, scammers are always trying to get around our security measures.”

Impersonator accounts and compromised business pages have long been a headache for business owners across Facebook and Instagram. Meta Verified, the company’s newly launched verification program, is positioned to improve the company’s notoriously thin level of customer support for businesses that rely on its apps. However, the price of $14.99 per month for proactive account protection may be a barrier for small businesses.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

How B2B Fintech Is Revolutionising Banking Tech

SUMMARY B2B fintech sector is geared towards finding solutions...

India’s Edtech Reset — The Aftermath Of The Golden...

India’s edtech startups have been stuck in an...

Entrepreneur Marc Lore on ‘founder mode,’ bad hires, and...

Entrepreneur Marc Lore has already sold two companies...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!