SWAPD is a trusted middleman service dedicated to offering our users the safest way to buy, sell, or trade items and services of virtual nature. SWAPD opens doors for you to earn and rise to fame in the digital universe by connecting you with vast network of buyers, sellers, and opportunities.
This is probably old news to some, but for me, it’s a first. Usually, when scammers try to take over your Fanpage, they will send a Business Ownership request to your page under some fake business name like “Instant Articles”. Well, this method I’ve experienced last night is different. You only have to click a link and you’re instantly a part of the scammers business, which gives him full control over your pages. No confirmations, no anything. Just boom, they’re in.
The link looks very innocent, they use an FB.me URL. Below is a live link one of our ViralAccounts clients fell for last night (DO NOT PRESS IT IF YOU HAVE THINGS YOU CARE ABOUT UNDER YOUR ACCOUNT):
WARNING THE FOLLOWING LINK IS A LIVE LINK OF THE SCAMMERS BUSINESS.
Only press if you’re willing to risk it. I am posting it here for educational purposes, so we can learn the tricks of these lowlives. (It’s blurred out so you don’t accidentally click it. To see the link, click the blur).
Thanks to this trick, someone lost a premium 800K Fanpage which we were getting ready to purchase on our other site.
So, I want to know, is this something new? Or am I getting rusty? Because how do you defend yourself from this type of thing? You can pretty much convince anyone to click a link these days.
This thing is not a bug to be patched, we are accepting the invitation from facebook not an external. It is live for businesses who transfer the ownership…
Thank u for that info… I want to share something that plz link ur instagram account to fanpage… coz nobody can stolen your page via bussiness manager or any other link… This is best way to keep your page safe…
My friend’s 318k highly active page got hacked by this method just a few hours ago… I never expected this scam to spread so fast… We have the profile of the scammer and the screenshots of the messages but I don’t think FB will do anything… He sent a mail to ip@fb.com with everything but I doubt that his page will be recovered.
Edit: Also, the funny thing is that the page was already in a business manager of ANOTHER admin, but even then the page got hacked through just a normal admin not in the BM.
I’ve reported this via their bug bounty form (not expecting a bounty, I just want this to be seen by someone who cares). I will let you know once (if) they respond.
These kind of hacks have been around for a long time but they are always changing their method of how they get you to click their link which, unfortunately, does catch a few people out.
I know people who have clicked a link in a message and they were instantly replaced as admin on their page and had no control over the page any more. So i guess some links activate a script.
If you have an active page you’ve probably seen a few of these too, within the red circle you can normally see a facebook profile. It’s generally the same image you see from the message sender. (In this case the FB logo.)
If you click the 3 dots it will take you to their profile, report it to facebook, mark the message as spam and block the user.
Fb removes those profiles pretty fast. Thought i’d post this in the hope it stops someone else falling victim to these scum.
if someone knows a way to recover the facebook pages back please leave some links here or a tutorial. have a few friends who lost them and will be nice if we give some help in this matter.
Thanks again for your report. I’m having troubles understanding your report. From what I understand you’re explaining the following:
A malicious person crafts an invitation link for a business profile
This person sends this link to a page
The page owner clicks that link and his page is added to the business profile of the attacker without any signup form.
From there the attacker can take over the page?
Is this what you meant? Do you have any more information on what exactly happened when these links are clicked? What screens or forms did you go through? Did you get any warning screens or where did you end up eventually when you clicked that link? Can you reproduce this behavior yourself with test accounts and if so, can you share the exact steps necessary for us to reproduce this?
Looking forward to your feedback so we can continue our investigation.
Apparently not for Facebook, they want everything spoon fed. I gave them the EXACT link that is still live and the stolen fanpage. All they have to do is check the logs and they would see how it happened.
I will try to replicate it and make a video.
Btw, my friend managed to get the fake account who took over the page banned or disabled. The page hasn’t posted anything for 6 days now and the account has disappeared. I checked it with different IPs and geolocations, so it’s definitely deactivated/disabled.
We have the page with see first, so we will see every post they publish and they haven’t posted anything for a while.
Can we still recover this page?
