A U.S. government agency had its Facebook page hacked over the weekend, exposing its 75,000 followers to a potential scam.
The United States Agency of International Development’s Colombia office posted a warning on X Saturday telling users to ignore messages and posts from the compromised Facebook page.
A screenshot accompanying the warning showed the USAID Colombia Facebook page had its name changed to “Review Profile Violations. See why” and its profile picture changed to the Facebook logo, suggesting that the hijackers aimed to use the page to impersonate Facebook staff.
The US Embassy in Bogotá, Colombia also posted a warning and official statement on X that mentions the agencies were actively working to restore account security and investigate the scope of the breach.
The USAID Colombia Facebook page was not visible as of Monday afternoon; a message reading “This content isn’t available right now” was displayed by Facebook when attempting to visit the page.
A USAID spokesperson told SC Media the unauthorized access was immediately reported to Meta and that the issue was resolved; however, the page still appeared to be unavailable at the time of writing.
The USAID did not respond to questions about how the account was breached and whether multi-factor authentication was used on the compromised account.
The dangers of hacked Facebook business and government accounts
The apparent scam promoted by the hijackers of the USAID Colombia Facebook page is similar to one reported by Trend Micro in 2021. The scammers use the scare tactic of tricking users into thinking their Facebook account is in danger of deletion due to policy violations.
Victims in these types of Facebook scams are fooled into clicking malicious links and/or convinced to provide personal information to the scammer. They may believe they are clicking a link to access an appeal form or are submitting information to Facebook staff to save their account from deletion.
Government and business social media accounts may be targeted by hackers in order to leverage high follower counts, “verified” status or overall trust in the entity being impersonated.
Earlier this month, the U.S. Securities and Exchange Commission (SEC) had its X account hacked in a SIM swapping attack and was used to post a fake announcement about Bitcoin regulations, which significantly influenced Bitcoin prices in the following hours.
Account takeovers of several businesses on the X social media platform, including Mandiant and Netgear, have also made news this month, with hijackers using the stolen accounts to promote cyptocurrency scams and wallet drainers.
Facebook pages for businesses and organizations work differently from pages on X, as these Facebook pages can only be accessed via a separate personal profile. This means a hacker must control the personal account of a page administrator in order to hijack the Facebook page itself.
This could mean hacking a personal account first and/or social-engineering an administrator to grant the hacker admin rights. With this level of access, the hijacker can not only share posts, send messages and change profile details, but also publish unauthorized Facebook ads, as seen in previous campaigns targeting business accounts.
Meta’s Business Help Center directs users to facebook.com/hacked for help securing a compromised personal accounts, as well as a separate webpage specifically for reporting that a page was hijacked.
Facebook has long been a popular target for hackers, with a 2021 survey by NordVPN showing 77% of social media hacking victims said their Facebook account was hacked.
