They reportedly used a technique called "celeb baiting" that uses images of celebrities in ads to entice people to click on them. Victims unknowingly installed malware on their systems by clicking on those ads, allowing the infiltrators to take over. Their accounts were then used to run ads that promote counterfeit products, diet pills and male enhancement supplements. Further, to prevent the platform from finding and taking down those shady ads, Facebook says ILikeAd has been "cloaking" them. That means it's been disguising the true destination of the links in its ads by displaying a different landing page for Facebook's system.
The company has been cracking down on dubious advertisers that use the cloaking technique over the past few years. However, it says lawsuits against them are quite rare, because cloaking schemes are often "sophisticated and well organized." As a result, it's not easy identifying the organizations and individuals behind them. Facebook didn't share how it was able to trace the ads back to ILikeAd, but it says it has already issued over $4 million in refunds to users whose accounts were hijacked.