A new wave of cyberattacks has been discovered, targeting verified Facebook accounts with the intent of running ads that spread malware across the social media platform.
The malicious campaign was first identified by social consultant Matt Navarra, who shared the alarming information on Twitter.
Understanding the threat
The attackers behind this campaign focused on infiltrating popular Facebook pages, some with millions of followers and extensive active periods. Once they gained control, they would alter the page name to resemble Meta, Facebook’s parent company, or Google.
Next, the cybercriminals purchased Facebook ads aimed at page managers and advertising professionals. These ads falsely claimed that, due to security concerns, users could no longer manage ad accounts in the browser. They then urged users to switch to a “more secure and professional tool,” offering a deceptive download link.
Navarra highlighted several alarming aspects of this campaign, such as the methods used to breach the accounts, Facebook’s allowance of name changes that mimicked Meta while keeping the verification checkmark, and the successful purchase and execution of ads that clearly redirected users to dubious websites.
Taking action and staying safe
In response to these threats, Facebook has disabled all compromised accounts and terminated the malicious campaigns, according to TechCrunch. To increase transparency, the platform now shows any previous name changes for Facebook pages.
A spokesperson from Meta commented on the situation, stating, “We invest significant resources into detecting and preventing scams and hacks. Although many of the improvements we’ve made are difficult to see because they minimize people from having issues in the first place scammers are always trying to circumvent our security measures.”
To protect yourself from similar threats, remain cautious when interacting with ads, avoid clicking on untrustworthy links, and report any suspicious content to Facebook. Additionally, update your passwords regularly and enable two-factor authentication to strengthen your account security.
{{user}} {{datetime}}
{{text}}