Verified Facebook accounts are being hacked to spread malware - here's how you can stay safe

Facebook on laptop
(Image credit: Luca Sammarco/Pexels)

Hackers have been detected breaking into popular verified Facebook pages and using them to run ads on the social media behemoth distributing malware

Social consultant Matt Navarra first spotted the malicious campaign, outlining the danger on Twitter. 

Navarra noted whoever is behind the campaign first targeted popular Facebook pages (one of the victims has more than seven million followers and has been active for over a decade). Should they gain access, they would change the page’s name into a variant of Meta (Facebook’s parent company), or Google

Cheeky scams

Then, they would purchase an ad on the social media network, in which they would target page managers and advertising professionals. “Because of security issues for upcoming users, you can no longer manage ad accounts in the browser,” the ad reads. “Switch to a more professional and secure tool,” the ad concludes, before sharing an obviously fraudulent download link.

There are multiple issues with this campaign, Navarra says, including how the accounts were breached, how Facebook allowed the threat actors to change the page’s name into something seemingly related to Meta and keep the blue checkmark, and how they managed to actually buy and run ads which are obviously redirecting the target audience to a shady website, at best. 

Facebook has since disabled all of the affected accounts, and shut down the malicious campaigns, TechCrunch further reported. It also said that Facebook pages now show if the page changed its name in the past, and from what, which is a welcome addition to bolster transparency. 

“We invest significant resources into detecting and preventing scams and hacks,” a Meta spokesperson told TechCrunch. “While many of the improvements we’ve made are difficult to see – because they minimize people from having issues in the first place – scammers are always trying to get around our security measures.”

Via: TechCrunch

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.