Hacked verified accounts on Facebook are now impersonating Meta, purchasing ads on the social network and allegedly luring users into clicking suspicious download links.
A handful of verified Facebook pages were hacked recently and spotted slinging likely malware through ads approved by and purchased through the platform. But the accounts should be easy to catch -- in some cases, they were impersonating Facebook itself.
Social media consultant Matt Navarra first spotted some of the ads and posted them on Twitter.
"How did this ad get approved @Meta? Verified account impersonating Meta tricking users into downloading shady tools," he tweeted with the screenshot of a fake Meta ad.
It was not an isolated case and another verified Facebook account was hacked and it's pretending to be 'Google AI', pointing Facebook users toward fake links for Bard, Google's AI chatbot.
"That account previously belonged to Indian singer and actress Miss Pooja before the account name was changed on April 29,“ reports TechCrunch.
"That account, which operated for at least a decade, boasted more than 7 million followers," the report mentioned.
The compromised accounts include official-sounding pages like “Meta Ads'” and “Meta Ads Manager”.
Those accounts shared suspicious links to tens of thousands of followers.
A Meta spokesperson said that the group invest significant resources into detecting and preventing scams and hacks.
"While many of the improvements we've made are difficult to see - because they minimise people from having issues in the first place, scammers are always trying to get around our security measures," the spokesperson was quoted as saying.
Last week, Meta discovered malware creators who are taking advantage of the public's interest in ChatGPT and using this interest to entice users into downloading harmful applications and browser extensions.
The company compared this phenomenon to cryptocurrency scams, as both tactics exploit people's curiosity and trust to gain access to sensitive information.
It found around 10 malware families posing as ChatGPT and similar tools to compromise accounts across the internet.
"Over the past several months, we've investigated and taken action against malware strains taking advantage of people's interest in OpenAI's ChatGPT to trick them into installing malware pretending to provide AI functionality," Meta wrote in its security report.