Warning: Do not click any links people send to your Fanpages. You may instantly lose your page

This is probably old news to some, but for me, it’s a first. Usually, when scammers try to take over your Fanpage, they will send a Business Ownership request to your page under some fake business name like “Instant Articles”. Well, the method I experienced last night is different. You only have to click a link and you’re instantly a part of the scammer’s business, which gives him full control over your pages. No confirmations, no anything. Just boom, they’re in.

This is what happens when you click the link:

The link looks very innocent, they use an FB.me URL. Below is a live link one of our ViralAccounts clients fell for last night (DO NOT PRESS IT IF YOU HAVE THINGS YOU CARE ABOUT UNDER YOUR ACCOUNT):

WARNING: THE FOLLOWING LINK IS A LIVE LINK OF THE SCAMMER’S BUSINESS.

Only press if you’re willing to risk it. I am posting it here for educational purposes, so we can learn the tricks of these lowlifes. (It’s blurred out so you don’t accidentally click it. To see the link, click the blur).

Thanks to this trick, someone lost a premium 800K Fanpage which we were getting ready to purchase on our other site.

So, I want to know, is this something new? Or am I getting rusty? Because how do you defend yourself from this type of thing? You can pretty much convince anyone to click a link these days.

5 Likes

So many names, like blue verification, Facebook adverts, etc…

This is an age-old method which I have seen people discussing here… (including me)

Remember one Indian guy whom I asked, his profile hacked almost 30+ pages… He did that with this method…

1 Like

Why can’t we contact Facebook to have this patched? This seems like an exploit where a user is instantly accepted just by visiting a link.

This thing is not a bug to be patched; we are accepting the invitation from Facebook, not an external one. It is live for businesses who transfer the ownership…

Sure it is. They can make a prompt warning the user so they’re not auto-accepted.

2 Likes

Yes,

THAT SUCKS!
This is old news though

When I find time I might make a thread with the ways people can steal pages through links etc. (that I came across)

1 Like

Be careful guys.

1 Like

Thank you for that info… I want to share something: please link your Instagram account to your fanpage… because nobody can steal your page via Business Manager or any other link… This is the best way to keep your page safe…

1 Like

My friend’s 318k highly active page got hacked by this method just a few hours ago… I never expected this scam to spread so fast… We have the profile of the scammer and the screenshots of the messages but I don’t think FB will do anything… He sent a mail to ip@fb.com with everything but I doubt that his page will be recovered.

Edit: Also, the funny thing is that the page was already in a business manager of ANOTHER admin, but even then the page got hacked through just a normal admin not in the BM.

I’ve reported this via their bug bounty form (not expecting a bounty, I just want this to be seen by someone who cares). I will let you know once (if) they respond.

These kinds of hacks have been around for a long time, but they are always changing their method of how they get you to click their link, which, unfortunately, does catch a few people out.

I know people who have clicked a link in a message and they were instantly replaced as admin on their page and had no control over the page any more. So I guess some links activate a script.

I get these from time to time.

If you have an active page you’ve probably seen a few of these too. Within the red circle you can normally see a Facebook profile. It’s generally the same image you see from the message sender. (In this case the FB logo.)

If you click the 3 dots it will take you to their profile. Report it to Facebook, mark the message as spam and block the user.

FB removes those profiles pretty fast. Thought I’d post this in the hope it stops someone else falling victim to these scum.

I hope the page owner gets the page back.

1 Like

If someone knows a way to recover Facebook pages, please leave some links here or a tutorial. I have a few friends who lost them and it would be nice if we could give some help in this matter.

Facebook responded:

Hi Dave,

Thanks again for your report. I’m having trouble understanding your report. From what I understand you’re explaining the following:

  • A malicious person crafts an invitation link for a business profile

  • This person sends this link to a page

  • The page owner clicks that link and his page is added to the business profile of the attacker without any signup form.

  • From there the attacker can take over the page?

Is this what you meant? Do you have any more information on what exactly happened when these links are clicked? What screens or forms did you go through? Did you get any warning screens or where did you end up eventually when you clicked that link? Can you reproduce this behavior yourself with test accounts and if so, can you share the exact steps necessary for us to reproduce this?

Looking forward to your feedback so we can continue our investigation.

Thanks,

Spencer

Security

How do I explain this to them?

1 Like

If you know the process of inviting from BM, then just replicate it with a screen recorder, or a screenshot is enough…

Apparently not for Facebook, they want everything spoon fed. I gave them the EXACT link that is still live and the stolen fanpage. All they have to do is check the logs and they would see how it happened.

They are asking you to replicate the action… The link doesn’t work here… You need to try it yourself from BM with another page and submit it to them.

They could just check the logs, as again, even if I did it, they would still need to check logs.

1 Like

I will try to replicate it and make a video.
Btw, my friend managed to get the fake account who took over the page banned or disabled. The page hasn’t posted anything for 6 days now and the account has disappeared. I checked it with different IPs and geolocations, so it’s definitely deactivated/disabled.

We have the page set to See First, so we will see every post they publish, and they haven’t posted anything for a while.
Can we still recover this page?