Skip to main content
Meet us at Black Hat USA 2026— Las Vegas, August 1–6Book a Meeting
Mallory
Back to intelligence
identity-impersonation-fraudenforcement-actionsearch-ad-manipulation

Meta's Profits from Scam and High-Risk Advertisements Exposed

Updated 2d agoFirst seen Nov 14, 20253 sources

Reuters uncovered internal Meta documents revealing that the company projected $16 billion in 2024 revenue from advertisements linked to scams and banned goods, accounting for approximately 10% of its total revenue. Meta's safety staff estimated that its platforms were involved in a third of all successful scams in the United States, though some of this involvement may be due to the use of WhatsApp for communication rather than direct ad placement. The documents also showed that Meta only bans advertisers if automated systems are 95% certain of fraud; otherwise, the company imposes higher ad rates as a penalty, potentially incentivizing the acceptance of high-risk ads.

Meta's management reportedly weighed the financial benefits of scam ads against potential regulatory costs, with $3.5 billion in revenue every six months coming from ads deemed to have "higher legal risk," such as those impersonating brands or celebrities. The company was willing to forgo only a small fraction of its revenue—about $135 million—to clamp down on suspicious advertisers, suggesting a calculated approach to balancing profit and compliance risk. These revelations have raised significant concerns about Meta's role in facilitating online scams and its internal decision-making regarding fraudulent advertising.

Share:
Meta's Profits from Scam and High-Risk Advertisements Exposed
Stay ahead

Get ahead of threats like this

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.

EVENT TIMELINE

How this story unfolded

11 events from the most recent confirmed update back to the earliest known activity.

11 EVENTS
Nov 13, 20258mo ago

KnownSec data leak was reported publicly

A large data leak involving Chinese security firm KnownSec was reported in the same news roundup. The summaries did not provide further technical detail, but identified it as a notable disclosure.

Reuters exposed Meta's handling of scam advertising

Reuters published an investigation revealing Meta's internal projections and policies around scam and banned-goods advertising revenue. The reporting brought public attention to the scale of fraud-related advertising on Meta's platforms and the company's internal enforcement thresholds.

Yanluowang initial access broker pleaded guilty in the US

A Russian initial access broker tied to the Yanluowang ransomware group pleaded guilty to hacking U.S. companies. The plea marked a concrete legal action against a facilitator in the ransomware ecosystem.

Law enforcement dismantled a major credit card fraud ring

Authorities took down a large credit card fraud operation, according to the reporting summaries. The action was presented as a significant law enforcement disruption of financially motivated cybercrime.

Ransomware incidents at Jaguar Land Rover and Asahi highlighted economic impact

Reporting cited ransomware attacks affecting Jaguar Land Rover in the UK and Asahi in Japan as examples of the continuing economic damage caused by ransomware. The references framed these incidents as part of a broader trend rather than newly disclosed breaches.

UK suspended intelligence sharing with the US over legal concerns

The United Kingdom suspended some intelligence sharing with the United States over concerns tied to suspected drug-trafficking vessel operations and related legal issues. The move was reported as a significant policy response in the intelligence relationship.

Sandworm launched wiper attacks on Ukraine's grain sector

The Russian military-linked group Sandworm carried out wiper attacks against organizations in Ukraine's grain sector. The campaign was described as an effort to damage a strategically important part of Ukraine's economy.

Hackers breached F5, with Salt Typhoon linked in reporting

State-backed hackers also breached F5 and stole sensitive files including source code, with Lawfare's summary attributing the activity to the Chinese group Salt Typhoon. As with the SonicWall incident, the attackers reportedly showed restraint by not turning the access into mass exploitation.

State-backed hackers breached SonicWall's MySonicWall service

Reporting said state-backed hackers compromised SonicWall's MySonicWall cloud backup service and stole sensitive configuration data. The intrusion was notable because the attackers did not escalate to broad mass exploitation.

Meta used a 95% fraud-certainty threshold before banning advertisers

Reuters reported that Meta generally banned advertisers only when automated systems were at least 95% certain they were fraudulent; otherwise, the company often imposed higher ad rates as a penalty. The policy was described in internal documents cited in reporting published in November 2025.

Dec 31, 20241y ago

Meta projected $16 billion in scam and banned-goods ad revenue for 2024

Internal Meta documents reviewed by Reuters showed the company projected about $16 billion in 2024 revenue from advertisements tied to scams and banned goods, roughly 10% of total revenue. The documents also indicated Meta platforms were linked to about one-third of successful scams in the United States.

LINKED ENTITIES

Related entities

Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.

21 LINKEDOpen in app
Organizations
18 linked
Meta PlatformsEurojustEuropolCISAEsetKnownsecJaguar Land RovergchqNSO GroupSolarWindsAsahi Group HoldingsF5Microsoft CorporationSandwormSonicwallBank of EnglandYanluowangUnited24 Media
The operational view lives in Mallory

See the full picture, correlated to your attack surface.

This page covers what’s public. Mallory adds the parts that aren’t — which of your assets are affected, which threat actors are using it right now, which detections to deploy, and what to do next.
Exposure mapping

Map indicators from this story to your assets and identify affected systems in minutes.

Threat actor evidence

Every observed campaign, victim, and pivot linked to actors named in this story.

Associated malware

Malware, exploits, and IOCs connected to the activity described here.

Detection signatures

YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.

Scheduled alerts

Get matching new stories delivered to your team as they break — not the next morning.

AI threads

Ask questions about this story and take action on the answers.