If you see a verified, blue-checked page on Facebook… don’t automatically assume that page is legit.
Mashable can confirm that a number of fake Facebook business pages have impersonated companies such as Google and even Meta itself.
In all pages viewed by Mashable, the verified Facebook pages appear to have been hacked, with their page name and Facebook URL changed within the last week. Some of these pages had millions of subscribers. Each displays a blue verification badge that reads “Facebook has confirmed that this profile is genuine.”
This is not a real verified Meta Ads page. The page once belonged to a school in Türkiye and was hacked.
Credit: Mashable screenshot
However, most concerning is that each hacked page has been approved to run ads on Facebook’s network and everyone seems to have done so. It’s unclear how far these scam ads went and how many Facebook users potentially fell victim to them.
Fraudulent advertisements trick users into clicking on a fake Google or Facebook URL where they are taken to a fake Google Sites page impersonating the company. Once on the page, the user is prompted to download the supposed Facebook Ad tools or the Google AI software, depending on the ad they clicked on. In the file links viewed by Mashable, users were directed to a .rar file hosted on a Trello page that most likely contains malware.
This page once belonged to Indian singer Miss Pooja. This is not an official Google page.
Credit: Mashable screenshot
In all cases seen by Mashable, page handlers were added to these hacked pages from many countries that had no connection to the location where the original page owners were based. Although this does not automatically indicate anything, as social media handlers can be located anywhere, each hacked page included 3 page handlers from Vietnam, a hotbed of fraudulent activity on Facebook like Previously reported by Mashable.
Several hacked pages had millions of subscribers
The largest hacked page appears to have belonged to Miss Pooja, a famous Indian singer. The page has over 7 million followers. On April 29, the page’s name was changed to “Google AI”. The URL has also changed to “facebook.com/Google.BardAI2”.
Facebook page details show name changes over time.
Credit: Mashable screenshot
On May 3, the page began running Facebook ads, including one that included the copy “NOTIFICATION This is the only and official Google Bard PAGE with verification, all other pages are fake”. The advertisements directed users to visit domains such as “aifuture.wiki” and “bardai.bio”.
The fake Google page ran this as a Facebook ad.
Credit: Mashable screenshot
If a user clicked on one of these links, they were redirected to one of the aforementioned fake Google Sites pages claiming to be an official Google website. For these particular ads, a user was redirected to a page titled “Google AI Marketing” where they were asked to “Download Google AI Marketing”. Clicking this link would automatically download a malicious “Google_AI_Marketing.rar” file, which was hosted at Trello, a popular project management tool.
Advertisements from fake Google page directed users to this fake website.
Credit: Mashable screenshot
Miss Pooja was not the only Indian star targeted. Indian singer-songwriter Babbu Maan also had his verified Facebook page, with 3 million followers, hacked. Maan’s page was soon replaced by “Meta Ads”, which ran Facebook ads with copy similar to the fake Google page. These ads, however, were used for a “metaadstools.com” domain.
Babbu Maan’s original page URL remained on the fake Meta Ads page.
Credit: Mashable screenshot
Düzce Üniversitesi, a university in Turkey, also had its verified page with over 28,000 followers hacked. Its Facebook page was also quickly disguised as the official “Meta Ads” page, with the Meta logo as its profile picture. It also started showing ads, but on the “fbadstools.com” domain.
The two hacked pages posing as Meta attempted to trick users into downloading a “Meta Ads Manager” tool. The link downloaded a malicious file titled “Facebook_Ads_Manager.rar” which was also hosted at Trello.
A screenshot of fake website setup to promote “Facebook Ads Manager” malicious tool.
Credit: Mashable screenshot
Over the past few days, warnings have started spreading about these fake pages in different software as a service (SaaS) and social media groups on Facebook. Matt Navarra, a prominent social media consultant, proceeded to point out the problem(opens in a new tab) also in the past day.
Mashable has contacted Meta for more information. All of the hacked Facebook pages that Mashable had viewed have since been removed from the platform.
Although it seems that the hacked Facebook pages all received verification from Facebook before its new paid verification system, Meta checkedthe new feature allowing users to pay for a blue tick could potentially cause additional problems.
Even though Meta specifically verifies each, these latest hacks show how scammers can take over an existing verified page to trick users. And, with anyone now able to pay $15 for verification, the pool of potential targets for hackers to pursue to perpetuate their scams has just grown significantly.
