Scammers hack verified Facebook pages to impersonate Meta

If you see a verified page, complete with the blue checkmark, on Facebook…don’t automatically assume that page is legit.

Mashable can confirm that a number of fake Facebook business pages have been masquerading as businesses such as Google and even Meta itself.

In all of the pages viewed by Mashable, the verified Facebook pages appear to have been hacked, with their page name and Facebook URL changed in the past week. Some of these pages had millions of followers. Each display a blue verification badge that says “Facebook confirmed this profile is authentic.”

This is not a real, verified Meta Ads page. The page once belonged to a school in Turkey and has been hacked.
Credit: Mashable Screenshot

However, most concerning is that each hacked page was approved to run ads across Facebook’s network and every one appears to have been doing so. It’s unclear just how far reaching these scam ads went and how many Facebook users have potentially fallen victim.

The scam ads direct users to click a fake Google or Facebook URL where they are brought to a bogus Google Sites page impersonating the company. Once on the page, the user is directed to download supposed Facebook Ad tools or Google AI software, depending on which ad they clicked. In the file links viewed by Mashable, users were directed to a .rar file hosted on a Trello page which very likely contains malware.

This page once belonged to Indian singer Miss Pooja. It is not an official Google page.
Credit: Mashable Screenshot

In every case viewed by Mashable, page managers were added to these hacked pages from numerous countries that had no connection to the location of where the original page owners were based. While not automatically indicative of anything as social media managers can be located anywhere, each hacked page did include 3 page managers from Vietnam, a hotbed of scammer activity on Facebook as previously reported by Mashable.

Several hacked pages had millions of followers

The largest hacked page appears to have belonged to Miss Pooja, a famous singer in India. The page has over 7 million followers. On April 29, the page name was changed to “Google AI.” The URL was also changed to “facebook.com/Google.BardAI2”.

The Facebook page details show the name changes over time.
Credit: Mashable Screenshot

On May 3, the page started running ads on Facebook, including one that included the copy “NOTIFICATION This is the only and official Google Bard PAGE with verification, all other pages are fake.” The ads directed users to visit domains like “aifuture.wiki” and “bardai.bio.” 

The fake Google page ran this as an ad on Facebook.
Credit: Mashable Screenshot

If a user clicked on one of these links, they were taken to one of the aforementioned fake Google Sites pages purporting to be an official Google website. For these particular ads, a user was taken to a page titled “Google AI Marketing” where they were asked to “Download Google AI Marketing.” Clicking on that link would automatically download a malicious “Google_AI_Marketing.rar” file, which was hosted at Trello, a popular project management tool.

The fake Google page’s ads directed users to this fake website.
Credit: Mashable Screenshot

Miss Pooja wasn’t the only star from India who was targeted. Indian singer-songwriter Babbu Maan also had his verified Facebook page, with 3 million followers, hacked. Maan’s page was soon changed to “Meta Ads,” which ran Facebook ads with similar copy as the fake Google page. These ads, however, pushed used to a “metaadstools.com” domain.

Babbu Maan’s original page URL remained on the fake Meta Ads page.
Credit: Mashable Screenshot

Düzce Üniversitesi, a university in Turkey, also had its verified page with more than 28,000 followers, hacked. Its Facebook page was also quickly disguised as an official “Meta Ads” page, complete with the Meta logo as its profile picture. It too had began running ads but to the domain “fbadstools.com.”

Both hacked page impersonating Meta attempted to trick users into downloading a “Meta Ads Manager” tool. The link would download a malicious file titled “Facebook_Ads_Manager.rar” which was also hosted at Trello.

A screenshot of the fake website setup to promote a malicious “Facebook Ads Manager” tool.
Credit: Mashable screenshot

Over the past few days, warnings had began to spread about these fake pages in various different Software-as-a-Service (SaaS) and social media groups on Facebook. Matt Navarra, a prominent social media consultant, proceeded to highlight the issue(opens in a new tab) as well in the past day.

Mashable has reached out to Meta for more information. All hacked Facebook pages that Mashable had viewed have since been removed from the platform.

While it appears that the hacked Facebook pages had all received verification from Facebook prior to its new paid verification system, Meta Verified, the new feature allowing users to pay for a blue checkmark could potentially cause additional problems. 

Even if Meta specifically verifies each one, these latest hacks show how scammers can take over an existing verified page to trick users. And, with anyone now able to pay $15 for verification, the pool of potential targets for hackers to go after to perpetuate their scams just grew significantly.