Pluralistic: Facebook's fraud files (08 Nov 2025)


Today's links


A tuxedoed figure dramatically shoveing greenish pigs into a tube, from whose other end vomits forth a torrent of packaged goods. He has the head of Mark Zuckerberg's 'metaverse' avatar. He stands upon an endless field of gold coins. The background is the intaglioed upper face of the engraving of Benjamin Franklin on a US$100 bill, roughed up to a dark and sinister hue.

Facebook's fraud files (permalink)

A blockbuster Reuters report by Jeff Horwitz analyzes leaked internal documents that reveal that: 10% of Meta's gross revenue comes from ads for fraudulent goods and scams, and; the company knows it, and; they decided not to do anything about it, because; the fines for facilitating this life-destroying fraud are far less than the expected revenue from helping to destroy its users' lives:

https://www.reuters.com/investigations/meta-is-earning-fortune-deluge-fraudulent-ads-documents-show-2025-11-06/

The crux of the enshittification hypothesis is that companies deliberately degrade their products and services to benefit themselves at your expense because they can. An enshittogenic policy environment that rewards cheating, spying and monopolization will inevitably give rise to cheating, spying monopolists:

https://pluralistic.net/2025/09/10/say-their-names/#object-permanence

You couldn't ask for a better example than Reuters' Facebook Fraud Files. The topline description hardly does this scandal justice. Meta's depravity and greed in the face of truly horrifying fraud and scams on its platform is breathtaking.

Here's some details: first, the company's own figures estimate that they are delivering 15 billion scam ads every single day, which generate $7 billion in revenue every year. Despite its own automatic systems flagging the advertisers behind these scams, Meta does not terminate their account – rather, it charges them more money as a "disincentive." In other words, fraudulent ads are more profitable for Meta than non-scam ads.

Meta's own internal memos also acknowledge that they help scammers automatically target their most vulnerable users: if a user clicks on a scam, the automated ad-targeting system floods that user's feed with more scams. The company knows that the global fraud economy is totally dependent on Meta, with one third of all US scams going through Facebook (in the UK, the figure is 54% of all "payment-related scam losses"). Meta also concludes that it is uniquely hospitable to scammers, with one internal 2025 memo revealing the company's conclusion that "It is easier to advertise scams on Meta platforms than Google."

Internally, Meta has made plans to reduce the fraud on the platform, but the effort is being slow-walked because the company estimates that the most it will ultimately pay in fines worldwide ads up to $1 billion, while it currently books $7 billion/year in revenue from fraud. The memo announcing the anti-fraud effort concludes that scam revenue dwarfs "the cost of any regulatory settlement involving scam ads." Another memo concludes that the company will not take any pro-active measures to fight fraud, and will only fight fraud in response to regulatory action.

Meta's anti-fraud team operates under an internal quota system that limits how many scam ads they are allowed to fight. A Feb 2025 memo states that the anti-fraud team is only allowed to take measures that will reduce ad revenue by 0.15% ($135m) – even though Meta's own estimate is that scam ads generate $7 billion per year for the company. The manager in charge of the program warns their underlings that "We have specific revenue guardrails."

What does Meta fraud look like? One example cited by Reuters is the company's discovery of a "six-figure network of accounts" that impersonated US military personnel, who attempted to trick other Meta users sending them money. Reuters also describes "a torrent of fake accounts pretending to be celebrities or represent major consumer brands" in order to steal Meta users' money.

Another common form of fraud is "sextortion" scams. That's when someone acquires your nude images and threatens to publish them unless you pay them money and/or perform more sexual acts on camera for them. These scams disproportionately target teenagers and have led to children committing suicide:

https://www.usatoday.com/story/life/health-wellness/2025/02/25/teenage-boys-mental-health-suicide-sextortion-scams/78258882007/

In 2022, a Meta manager sent a memo complaining about a "lack of investment" in fraud-fighting systems. The company had classed this kind of fraud as a "low severity" problem and was deliberately starving enforcement efforts of resources.

This only got worse in the years that followed, when Meta engaged in mass layoffs from the anti-fraud side of the business in order to free up capital to work on perpetrating a different kind of scam – the mass investor frauds of metaverse and AI:

https://pluralistic.net/2025/05/07/rah-rah-rasputin/#credulous-dolts

These layoffs sometimes led to whole departments being shuttered. For example, in 2023, the entire team that handled "advertiser concerns about brand-rights issues" was fired. Meanwhile, Meta's metaverse and AI divisions were given priority over the company's resources, to the extent that safety teams were ordered to stop making any demanding use of company infrastructure, ordered instead to operate so minimally that they were merely "keeping the lights on."

Those safety teams, meanwhile, were receiving about 10,000 valid fraud reports from users every week, but were – by their own reckoning – ignoring or incorrectly rejecting 96% of them. The company responded to this revelation by vowing to reduce the share of valid fraud reports that it ignored to a mere 75% by 2023.

When Meta roundfiles and wontfixes valid fraud reports, Meta users lose everything. Reuters reports out the case of a Canadian air force recruiter whose account was taken over by fraudsters. Despite the victim repeatedly reporting the account takeover to Meta, the company didn't act on any of these reports. The scammers who controlled the account started to impersonate the victim to her trusted contacts, shilling crypto scams, claiming that she had bought land for a dream home with her crypto gains.

While Meta did nothing, the victim's friends lost everything. One colleague, Mike Lavery, was taken for CAD40,000 by the scammers. He told Reuters, "I thought I was talking to a trusted friend who has a really good reputation. Because of that, my guard was down." Four other colleagues were also scammed.

The person whose account had been stolen begged her friends to report the fraud to Meta. They sent hundreds of reports to the company, which ignored them all – even the ones she got the Royal Canadian Mounted Police to deliver to Meta's Canadian anti-fraud contact.

Meta calls this kind of scam, where scammers impersonate users, "organic," differentiating it from scam ads, where scammers pay to reach potential victims. Meta estimates that it hosts 22 billion "organic" scam pitches per day. These organic scams are actually often permitted by Meta's terms of service: when Singapore police complained to Meta about 146 scam posts, the company concluded that only 23% of these scams violated their Terms of Service. The others were all allowed.

These permissible frauds included "too good to be true" come-ons for 80% discounts on leading fashion brands, offers for fake concert tickets, and fake job listings – all permitted under Meta's own policies. The internal memos seen by Reuters show Meta's anti-fraud staffers growing quite upset to realize that these scams were not banned on the platform, with one Meta employee writing, "Current policies would not flag this account!"

But even if a fraudster does violate Meta's terms of service, the company will not act. Per Meta's own policies, a "High Value Account" (one that spends a lot on fraudulent ads) has to accrue more than 500 "strikes" (adjudicated violations of Meta policies) before the company will take down the account.

Meta's safety staff grew so frustrated by the company's de facto partnership with the fraudsters that preyed on its users that they created a weekly "Scammiest Scammer" award, given to the advertiser that generated the most complaints that week. But this didn't actually spark action – Reuters found that 40% of Scammiest Scammers were still operating on the platform six months after being flagged as the company's most prolific fraudster.

This callous disregard for Meta's users isn't the result of a new, sadistic streak in the company's top management. As the whistleblower Sarah Wynn-Williams' memoir Careless People comprehensively demonstrates, the company has always been helmed by awful people who would happily subject you to grotesque tormets to make a buck:

https://pluralistic.net/2025/04/23/zuckerstreisand/#zdgaf

The thing that's changed over time is whether they can make a buck by screwing you over. The company's own internal calculus reveals how this works: they make more money from fraud – $7 billion/year – than they will ever have to pay in fines for exposing you to fraud. A fine is a price, and the price is right (for fraud).

The company could reduce fraud, but it's expensive. To lower the amount of fraud, they must spend money on fraud-fighting employees who review automated and user-generated fraud flags, and accept losses from "false positives" – overblocking ads that look fraudulent, but aren't. Note that these two outcomes are inversely correlated: the more the company spends on human review, the fewer dolphins they'll catch in their tuna nets.

Committing more resources to fraud fighting isn't the same thing as vowing to remove all fraud from the platform. That's likely impossible, and trying to do so would involve invasively intervening in users' personal interactions. But it's not necessary for Meta to sit inside every conversation among friends, trying to decide whether one of them is scamming the others, for the company to investigate and act on user complaints. It's not necessary for Meta to invade your conversations for it to remove prolific and profitable fraudsters without waiting for them to rack up 500 policy violations.

And of course, there is one way that Meta could dramatically reduce fraud: eliminate its privacy-invasive ad-targeting system. The top of the Meta ad-funnel starts with the nonconsensual dossiers Meta has assembled on more than 4 billion people around the world. Scammers pay to access these dossiers, targeting their pitches to users who are most vulnerable.

This is an absolutely foreseeable outcome of deeply, repeatedly violating billions of peoples' human rights by spying on them. Gathering and selling access to all this surveillance data is like amassing a mountain of oily rags so large that you can make billions by processing them into low-grade fuel. This is only profitable if you can get someone else to pay for the inevitable fires:

https://locusmag.com/feature/cory-doctorow-zucks-empire-of-oily-rags/

That's what Meta is doing here: privatizing the gains to be had from spying on us, and socializing the losses we all experience from the inevitable fallout. They are only able to do this, though, because of supine regulators. Here in the USA, Congress hasn't delivered a new consumer privacy law since 1988, when they made it a crime for video-store clerks to disclose your VHS rentals:

https://pluralistic.net/2023/12/06/privacy-first/#but-not-just-privacy

Meta spies on us and then allows predators to use that surveillance to destroy our lives for the same reason that your dog licks its balls: because they can. They are engaged in conduct that is virtually guaranteed by the enshittogenic policy environment, which allows Meta to spy on us without limit and which fines them $1b for making $7b on our misery.

Mark Zuckerberg has always been an awful person, but – as Sarah Wynn-Williams demonstrates in her book – he was once careful, worried about the harms he would suffer if he harmed us. Once we took those consequences away, Zuck did exactly what his nature dictated he must: destroyed our lives to increase his own fortune.

Hey look at this (permalink)


A shelf of leatherbound history books with a gilt-stamped series title, 'The World's Famous Events.'

Object permanence (permalink)

#20yrsago Singapore’s stocking-foot executioner https://web.archive.org/web/20051029103210/http://www.news.com.au/story/0,10117,17057851-2,00.html

#20yrsago Cinemas as police-states: why box-office revenue is in decline? https://web.archive.org/web/20051107024915/https://www.politechbot.com/2005/11/04/how-the-mpaa/

#20yrsago Westchester Co’s clueless WiFi lawmakers demonstrate cluelessness http://www.psychicfriends.net/blog/archives/2005/11/06/idiot_politicians_in_my_neighborhood.html

#20yrsago Katamari Damacy homemade models http://www.harveycartel.org/mare/pics/katamari.html

#15yrsago Cut-up artist alphabetizes the newspaper https://web.archive.org/web/20101109012930/http://derrenbrown.co.uk/blog/2010/11/kim-rugg-london-artists-knife-skills-knack-precision/

#15yrsago Colorado DA drops felony hit-and-run charges against billion-dollar financier because of “serious job implications” https://web.archive.org/web/20101108122254/http://www.vaildaily.com/article/20101104/NEWS/101109939/1078&ParentProfile=1062

#10yrsago A Freedom of Information request for UK Home Secretary Theresa May’s metadata https://www.techdirt.com/2015/11/06/uk-home-secretary-says-dont-worry-about-collection-metadata-foia-request-made-her-metadata/

#10yrsago Religious children more punitive, less likely to display altruism https://www.theguardian.com/world/2015/nov/06/religious-children-less-altruistic-secular-kids-study

#10yrsago Once again, the SFPD blames a cyclist for his own death without any investigation https://sfist.com/2015/11/04/sfpd_once_again_blames_cyclist_for/

#10yrsago Paid Patriotism: Pentagon spent millions bribing sports teams to recognize military service https://www.huffpost.com/entry/defense-military-tributes-professional-sports_n_5639a04ce4b0411d306eda5e

#10yrsago Spy at will! FCC won’t force companies to honor Do Not Track https://arstechnica.com/information-technology/2015/11/fcc-wont-force-websites-to-honor-do-not-track-requests/

#10yrsago TPP will let banks write their own regulations and stick taxpayers with the bill https://theintercept.com/2015/11/06/ttp-trade-pact-would-give-wall-street-a-trump-card-to-block-regulations/

#10yrsago Typewriter portraiture, the strange story of 1920s ASCII art https://web.archive.org/web/20151108220746/https://pictorial.jezebel.com/the-typewriter-ascii-portraits-of-classic-hollywood-and-1738094492

#5yrsago QE, inflation, slave labor and a People's Bailout https://pluralistic.net/2020/11/07/obamas-third-term/#peoplesbailout

#1yrago Antiusurpation and the road to disenshittification https://pluralistic.net/2024/11/07/usurpers-helpmeets/#disreintermediation

Upcoming appearances (permalink)

A photo of me onstage, giving a speech, pounding the podium.


A screenshot of me at my desk, doing a livecast.

Recent appearances (permalink)


A grid of my books with Will Stahle covers..

Latest books (permalink)


A cardboard book box with the Macmillan logo.

Upcoming books (permalink)

  • "Unauthorized Bread": a middle-grades graphic novel adapted from my novella about refugees, toasters and DRM, FirstSecond, 2026

  • "Enshittification, Why Everything Suddenly Got Worse and What to Do About It" (the graphic novel), Firstsecond, 2026

  • "The Memex Method," Farrar, Straus, Giroux, 2026

  • "The Reverse-Centaur's Guide to AI," a short book about being a better AI critic, Farrar, Straus and Giroux, 2026


Colophon (permalink)

Today's top sources:

Currently writing:

  • "The Reverse Centaur's Guide to AI," a short book for Farrar, Straus and Giroux about being an effective AI critic. FIRST DRAFT COMPLETE AND SUBMITTED.

  • A Little Brother short story about DIY insulin PLANNING

This work – excluding any serialized fiction – is licensed under a Creative Commons Attribution 4.0 license. That means you can use it any way you like, including commercially, provided that you attribute it to me, Cory Doctorow, and include a link to pluralistic.net.

https://creativecommons.org/licenses/by/4.0/

Quotations and images are not included in this license; they are included either under a limitation or exception to copyright, or on the basis of a separate license. Please exercise caution.

How to get Pluralistic:

Blog (no ads, tracking, or data-collection):

Pluralistic.net

Newsletter (no ads, tracking, or data-collection):

https://pluralistic.net/plura-list

Mastodon (no ads, tracking, or data-collection):

https://mamot.fr/@pluralistic

Medium (no ads, paywalled):

https://doctorow.medium.com/

Twitter (mass-scale, unrestricted, third-party surveillance and advertising):

https://twitter.com/doctorow

Tumblr (mass-scale, unrestricted, third-party surveillance and advertising):

https://mostlysignssomeportents.tumblr.com/tagged/pluralistic

"When life gives you SARS, you make sarsaparilla" -Joey "Accordion Guy" DeVilla

READ CAREFULLY: By reading this, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies ("BOGUS AGREEMENTS") that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.

ISSN: 3066-764X

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.