Paid posts or how Facebook pages are hijacked

ozzi
ozzi
Mar 2 · 4 min read

Recently I read a lot about “Facebook Owner Hacks” in where pages are hijacked. It seems to be a common problem, many threads about this can be found in the Facebook Help Community (such as https://www.facebook.com/help/community/question/?id=133720507584025).

In order to understand how this work, I setup a honeypot page and built up some likes, after some time I started receiving messages such as
“Are you interested in posting articles on your page?” with prices ranging from 5 to 100 dollars per item. Bingo!

Note: All the profiles used to send those private messages used names that did not seem to bear any correlation to the profile picture.

First contact 👽

All messages to the page used the following scheme, where they assured all is “legit” and according to the “Facebook policy”. They even claim to support multiple payment options. My first guess was, that they want to be added as a page admin or similar — turns out I am wrong.

“okay dear”

“There will be no access to us” — Now I am interested and kept asking.
Turns out you are supposed to accept the “Facebook invitation”.

Even a video tutorial is included, this seems to be a pretty streamlined process . .

I never did call that number

A few minutes later I received the following email in my mailbox,

Until now it seems pretty legit, right?

After clicking on that link one is prompted to choose a username, then verify with Facebook. Please note this was not phishing but an actual Facebook Business website. All of the ticks under the password box do not seem to give “Article Beta V17.2” any access it shouldn’t, right?

After sending “proof” I was assured no posts would be made before the first payment.

Easy money 👍

When clicking around in the Facebook Business Manager, I saw that a new administrator was added:

Additionally, under “Assigned Assets” all access was grayed out:

Uh-Oh

Turns out, accepting this invitation sets the page owner to said “Article Beta” application — a page owner being outranking page admins.

Well . . . there it goes

What is perfidious about the whole thing, that Facebook never shows any notice on that a page owner will be set by accepting the link — nor gives you any possibility to reverse this action or even contact them about this problem.

When going back to the Facebook page itself, a new admin appeared shortly:

Checking his profile, our “hacker” from Pakistan seems to have a very … interesting taste in music:

That new admin did not last for long, it seems Shahzaib uses fake profiles (obviously female) to trick people into adding the seemingly harmless “Instant Posts” app to Facebook Business, then with the new access adds himself as Page Admin.

Shortly after the page is transferred to the presumed buyers, while the original admins are denoted to “Analyst”, including two new members.

“Hacked Pages Recovery Solution”

There are links pointing to a Facebook page called “Hacked Pages Recovery Solution” which is supposed to bring back your page,

This service is not performed for free however,

interesting pricing, costs less if you are female

Turns out there actually is a way to contact Facebook, but I have not figured out how yet,

This whole service makes me wonder, if this is actually part of the whole scam.

Conclusions

This whole scam seems to happen quite a lot, with people paying the scammers to receive admin privileges to pages. For what purpose I cannot tell. The posts made are from random pages.

Additional information

Here a screenshot of the “Article Beta” app:

ozzi

Written by

ozzi

white hat shenanigans

More From Medium

Top on Medium

Top on Medium

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade