Meta announced Thursday that it will take legal action to combat fraud on its platform by filing lawsuits against what it calls fraudulent advertisers based in Brazil, China and Vietnam.
As part of the effort, the advertiser’s payment method was suspended, associated accounts were disabled, and the domain name of the website used in the scam was blocked.
At the same time, the social media giant announced it had issued cease-and-desist letters to eight marketing consultants who advertised that they could circumvent the company’s advertising policy enforcement system. This included renting fake “unban” or account recovery services and access to trusted accounts to allow clients to circumvent its controls.
At least three advertisers, two from Brazil and one from China, were found to be involved in the celebrity-baiting scam. These scams often use images of celebrities to trick people into clicking on fake ads that direct them to fraudulent sites. These websites are designed to collect sensitive data or trick unsuspecting users into sending money or investing on fake platforms.
The three advertisers that Meta has filed suit against are:
Brazil-based Vitor Lorenzo de Sousa and Milena Luciani Sánchez are accused of using altered images and voices of celebrities to promote fraudulent health care products. B&B Supplementos e Cosméticos Ltda is based in Brazil. (Brites Corp), Brites Academia de Treinamento Ltda., Daniel de Brites Macieira Cordeiro, and José Victor de Brites Chaves de Araújo were arrested for participating in a fraud operation that used synthetic images of prominent doctors to promote healthcare products without regulatory approval and to sell courses that taught the same tactics. China-based Shenzhen Yunzheng Technology Co., Ltd. was accused of using celebrity bait ads to target people in various countries, including the United States and Japan, as part of a fraudulent scheme to induce them to join an investment group.
“To combat celebrity baiting scams, we developed features that protect celebrities whose images are repeatedly used in schemes like this,” Mehta said. “The program currently protects images of more than 500,000 celebrities and public figures around the world.”
The company also noted that it had sued Vietnam-based advertiser Li Van Lam for using cloaking techniques to circumvent its vetting process. Cloaking refers to an adversarial technique aimed at hiding the true nature of the website linked to an ad and fooling the ad review system by providing one version of the content during review, while displaying completely different and malicious content to the actual user.
In this case, advertisers are said to have used fraudulent advertisements offering discounted products from well-known brands in exchange for completing a survey. People who interacted with these ads were directed to a fake website where they were asked to enter their credit card information and purchase the product, but the product was never delivered. Their credit cards also have fraudulent recurring charges, a practice known as subscription fraud.
The development comes months after a Reuters investigation found that 19% of Meta’s $18 billion in ad sales in China in 2024 came from ads for scams, illegal gambling, pornography and other prohibited content. The report also revealed agencies that allowed companies to run prohibited ads, forcing the company to review its badged partner program.
After analyzing 14.5 million ads running on the EU and UK Meta Platform over a 23-day period, Gen Digital found that almost one in three of those ads (approximately 30.99%) displayed fraudulent, phishing, or malware links.
“The fraudulent ads generated more than 300 million total impressions in less than a month,” the cybersecurity firm announced earlier this month. “The activity was highly concentrated, with just 10 advertisers responsible for more than 56% of all fraudulent ads observed. We found that the cluster of repeated campaigns stemmed from shared payments and infrastructure associated with China and Hong Kong. This indicates an organized, industrial-scale operation rather than an isolated bad actor.”
These discoveries coincide with the discovery of malicious infrastructure and underground services being used to sell various types of scams.
The scam has been found to be a combination of malvertising and pig-butchering fraud models, primarily by tricking victims in Japan into clicking on investment-themed ads on social media. These ads redirect victims to a website and encourage them to scan a QR code and contact a supposed expert via a messaging app. Once victims participate in one-on-one or group chats with these so-called experts, who in some cases are nothing more than artificial intelligence (AI)-powered chatbots, they are gradually persuaded to invest large sums of money, only to be asked for a “termination fee” to extract non-existent profits. Over 23,000 domains have been discovered within this ecosystem. Threat actors are compromising routers and changing DNS settings to use Shadow Resolver hosted at Aeza International, a Bulletproof Hosting Company (BPH) licensed by the US government in July 2025. This malicious modification is designed to selectively modify DNS responses associated with Okta and Shopify, allowing operators to use HTTP-based traffic distribution systems (TDS) to direct users to fraudulent or malware content. Malicious push notification networks use a network of malicious domains to target Android Chrome users around the world and, after obtaining their permission, continuously send unwanted push notifications (e.g., “Your Android is infected with malware!” or “Your system needs to be scanned”) in an attempt to redirect them to fraudulent sites or adult content. According to Infoblox data, Bangladesh, India, Indonesia, and Pakistan account for 50% of all traffic. A network of over 150 cloned fake websites has been identified masquerading as genuine law firms based in the US and UK and promoting corporate impersonation scams targeting users seeking legal advice and representation. “These sites used the company’s name, brand name, and published attorney identity and offered to help victims recover funds lost in previous scams, posing as legitimate legal and asset recovery services,” Signia said. “This campaign targeted individuals who were already victims of financial fraud.”
The prevalence of fraud, spurred by the booming pig slaughter-as-a-service (PBaaS) economy, has not escaped the attention of law enforcement, as evidenced by the dismantling of fraudulent facilities in Southeast Asia in recent months.
Earlier this month, the Cambodian government pledged to crack down on and dismantle cyber fraud networks operating within its borders, adding that law enforcement authorities launched 48 operations in the first nine months of 2025 to combat cyber fraud, arresting 168 people and deporting 2,722 people to their home countries.
Continuing efforts have cut fraud by half since the beginning of this year, Senior Minister Chai Sinaris, executive director of the Technology Crime Task Force, reportedly said this week. Cambodian Prime Minister Hun Manet also acknowledged that online fraud centers operating in the country are damaging the country’s reputation and hurting its economy.
Source link
