Meta’s advertising platform has become a goldmine for scammers. From counterfeit product listings to fake investment opportunities and impersonation scams, bad actors are increasingly using paid ads to target users right in their feeds – and internal documents reviewed by Reuters show that Meta’s own ad platform continues to approve, deliver, and generate significant revenue from these fraudulent ads, despite their known risks.
A major investigative Reuters report by Jeff Horwitz revealed internal Meta documents estimate the company is delivering 15 billion scam ads to users every single day, generating a whopping $7 billion in revenue each year. To put that into context (because sometimes our minds don’t process ‘billions’ very well), Meta is making approximately $30,400 per minute from scams and illicit ads on their platforms.
Despite its own automated systems flagging suspicious advertisers behind the scam ads, Meta does not terminate those accounts, according to the internal documents. Instead, they charge a higher ad rate to “discourage” them from placing ads – a choice that still allows scam ads to continue running and generating more revenue.
Algorithms Make the Problem Worse
Of course, it doesn’t stop there. We’ve noted in our own testing and investigation that when we interacted with scam ads, it was as if the algorithm picked up on our “interest” in them and pushed more of them into our feed. The leaked documents confirm this, noting that because of Meta’s ad-personalization system, which delivers tailored ads based on the user’s interests, users who click on scam ads are likely to see more of them.
This highlights a very serious problem – instead of shielding and protecting vulnerable users, social media platforms are actually amplifying exposure to scams by promoting similar content. As noted by Reuters, Meta’s own research suggests that its platforms were involved in a third of all successful scams in the U.S. alone.
Serving Up Tech Support Scams
One of the scam trends we’re seeing across Meta’s Facebook is the rise of sponsored ads intentionally designed to mimic official Facebook notifications, often claiming you have “new” or “urgent” messages waiting or a friend request to accept.
While these “new notification” scam tactics aren’t new or exclusive to Facebook, the Seraph Secure and Kitboga teams have seen a sharp increase in reports. Even on our own Facebook test accounts, these ads regularly appear in our feeds and in the top-right corner of the page – dangerously close to where legitimate Facebook notifications show up.
What Happens If You Click?
Here’s the problem: Clicking one of these ads, intentionally or by accident, can lead to devastating consequences. You won’t be taken to Messenger; instead, you’ll be redirected, often to a scam website.
Some of these scam websites may resemble Facebook to trick you. They may claim your account has been suspended, compromised, or locked for suspicious activity. Just as you try to close the page or navigate away, the real attack begins: a fake virus pop-up that hijacks your screen, sometimes accompanied by a loud alarm sound or message that begins blaring through your speakers:
“Windows Defender has temporarily disabled your internet connection and computer for suspicious activity from Facebook. Please do not shut down or restart the computer. We have detected that you may have clicked on a virus-infected article on Facebook. Please call our support before your Facebook account is permanently suspended.”
You haven’t actually downloaded a virus, but this panic-inducing tactic called scareware is designed to make you believe your computer is under attack or your Facebook account is at risk.
If you’ve never encountered one of these before, it can be very startling. Here’s a video showing what happens if you were to mistakenly open a fake virus pop-up (and how to get rid of one).
While you can usually get out of these fake virus pop-ups by holding down the ESC key, force-closing the browser window, or restarting your computer, many people don’t know this. The loud noise, the full-screen takeover, and the official-sounding warnings create a high-pressure situation, and that’s exactly what the scammers are counting on.
Calling Scam Numbers on Fake Virus Pop-ups
If you’re unsure about what to do in this situation, you might reach for your phone to call the number on the screen so you can get the problem sorted. The number of Microsoft Windows or Facebook Support is conveniently provided there for you. Why shouldn’t you trust it?
But if you call the number, you won’t be reaching Microsoft or any legitimate tech support – you’ll be speaking to a scammer.
The tech support scammers behind these fake virus pop-ups are trained to sound professional and reassuring. They may tell you that your computer has been infected with a virus or has some other security issue, or claim that your Facebook account has been hacked, but not to worry because they are ready to help.
To help “fix” the problem, they’ll guide you through downloading remote access software. This is where the real damage begins.
The Dangers of Remote Access Software
Remote access software – also known by other names like remote connection, remote desktop, or remote control tools – allows someone to control a computer from anywhere in the world as if they were sitting in front of it themselves. When you install one of these programs and hand control over to a scammer, you’re giving them unrestricted access to everything on your device. Even if they promise they can’t see any of your private information, they are lying.
Once a scammer is on your device, they can:
Steal personal information and saved passwords
Access bank accounts and private files
Get into your email and social media
Install malware, spyware, or keyloggers
Monitor your activity and spy through your webcam
Lock you out of your own device
Scammers will reassure victims to keep them calm, even while they’re silently digging into the most sensitive places on your computer. They may assure victims that they can’t see the screen, that everything is secure, or that they’re working on your computer so they can get rid of the virus or help you to recover your “hacked” account.
Unattended Access: When Things Go from Bad to Worse
Some scammers go a step further: if they get into the device once, they make sure that they can come back whenever they want.
They can do this because many remote connection tools have a feature called “unattended access”. This allows someone to reconnect to your computer whenever they want, even without your knowledge or permission. These scammers can sit in the background of your computer watching your every move for days, months, or even years, all without being obvious to the average user.
If you want to better understand how remote access scams work and how to spot the signs, check out our article: Behind the Screen: The Dangers of Remote Connection
What You Can Do To Keep Yourself Safe
1. Never call phone numbers on pop-ups. Pop-up alerts with numbers are ALWAYS scams. Legitimate companies will never use pop-ups to provide support numbers.
2. Be cautious of sponsored ads. It’s tough on platforms like Facebook that are littered with sponsored ads, but use caution when navigating and clicking around the site.
3. Know what to do if you encounter a fake virus pop-up.
Try holding the ESC key to close out of it.
Force-close your browser. Use Ctrl + Alt + Delete (Windows) or Cmd + Option + Esc (Mac) to open your task manager, right click on the browser name, and choose end task.
If that doesn’t work, restart your computer.
The Burden of Safety Falls on the User
These scam sponsored ads aren’t just annoying, they’re dangerous. Unfortunately, they're paid for, approved, and pushed directly to users by Meta’s own ad system.
These ads are designed to scare, confuse, and exploit people. They can lead to panic-inducing pop-ups, tech support scams, and in the worst cases, complete device takeovers by scammers that can result in further monetary loss and even identity theft.
While Meta allegedly aims to reduce its illicit revenue stream from scam sponsored ads like these in the future, it appears financial considerations have been a main factor in how enforcement efforts are prioritized. Progress on safety initiatives has been gradual, a pace some attribute to a lack of regulatory oversight and fines that are a slap on the wrist. At most, the documents described by Reuters estimated Meta will face around $1 billion in fines, nothing when compared to the $7 billion they bring in from fraudulent ads alone.
Until the issues described in the leaked documents are addressed, and until enforcement becomes a genuine priority, the burden of safety will continue to fall on users.
How Seraph Secure Can Protect You
You don’t need to be a tech expert to stay safe online. Just knowing how these scams work, and how to respond if you encounter one, can be enough to stop them. One wrong click does not need to end in disaster.
But if you want extra peace of mind while browsing online, Seraph Secure can help. We’ve built our software to detect and block known fake virus pop-ups before they take over your screen, lock up your computer, and pressure you into calling a fake support number.
- The Seraph Secure Team
