In recent years, Facebook, owned by Meta Platforms Inc, has evolved into a powerful advertising platform, allowing businesses and individuals to reach millions of users worldwide. But, while legitimate businesses thrive, malicious actors have also exploited Facebook’s ads system to promote phishing scams—fraudulent schemes designed to steal users’ personal information, financial data, and social media credentials.
Despite Meta’s claims of investing heavily in artificial intelligence and human reviewers to combat malicious content, evidence suggests that phishing scams continue to slip through the cracks, posing serious threats to user security.
READ THIS: 5 common types of phishing and how to avoid being a victim
The FactCheckHub has published several fact-checks on phishing scams and tutorials on identifying phishing scams, websites and viral WhatsApp messages.
A recent investigation conducted by The FactCheckHub revealed multiple active phishing campaigns on Facebook, with some ads running for weeks before removal. This raises questions about the effectiveness of Meta’s moderation system and whether its profit-driven ad model incentivizes leniency toward potentially harmful content.
The mechanics of Facebook phishing Ads
Phishing scams on Facebook typically masquerade as legitimate businesses, popular brands, or urgent notifications. These deceptive ads often promise enticing offers such as free giveaways, job opportunities, or security alerts to lure users into clicking. Once a user engages with the ad, they are redirected to a fake website that mimics a trusted platform, where they are prompted to input sensitive information.
Our researcher observed that some of the phishing campaigns involve multiple posts impersonating popular brands and individuals.
Impersonation of popular brands and personalities
Fraudsters create fake ads pretending to be reputable companies, offering too-good-to-be-true deals. The FactCheckHub has debunked claims about MTN offering free airtime data for subscribers across Africa, a claim growing fast-paced on the platform, which sometimes can maliciously extort data of the users that submit their information.
Beyond that, he monitored multiple Facebook ads which promoted phishing scams branded with images of notable personalities including the current Nigerian vice president, Kashim Shettima; the Sultan of Sokoto, Muhammad Sa’ad Abubakar III; Niger State governor, Muhammed Bago, and the Emir of Kano, Sanusi Lamido Sanusi etc.
ALSO READ: How PEPT judgement, Niger and Gabon coups fuel misinformation on X
He observed that the scammers exploit moments like the festive periods and also the current economic hardship in Nigeria to create scams paraded as grants or palliatives but which are aimed at stealing people’s information with the intent to harm or swindle victims.
For instance, our researcher discovered two different posts on the Facebook Ads model that advertised a grant application allegedly from Vice President Shettima and asked applicants to submit their bank details. One of the posts had over 9,000 likes with over 10,800 comments and more than 100 shares as seen below.
Similarly, another sponsored Facebook post in the guise of offering grants, asks applicants to apply for N88,900 grant linked to the Nigerian government with the image of Shettima. The Ads had significant traction too with over 7,100 likes, over 7,200 comments and more than 50 shares.
Our researcher also observed another sponsored Facebook post in Hausa, one of the major Nigerian languages. When translated into English, it means “Stand a chance to be among those who benefit from this palliative.” It invited applications for a N200,000 grant citing fintech companies like Kuda, Opay, and Moniepoint as mediums of disbursement. The post, which has generated traction online with over 3,500 likes and more than 1,600 comments, also used the image of Kano emir, Sanusi Lamido Sanusi, as the brand’s ambassador.
How phishing Ads bypass Facebook’s detection system
Meta’s ads review process, which combines automated systems with human oversight, has notable vulnerabilities that scammers exploit. Tactics such as dynamic URL switching, where the destination URL of an ad is changed post-approval to redirect users to malicious sites, and cloaking techniques, which present benign content to reviewers while displaying harmful material to users, are commonly employed.
Similarly, geotargeting is used to restrict scam visibility to specific regions, making detection more challenging. These methods allow malicious ads to bypass Meta’s advertising review mechanisms and reach unsuspecting users. Reports indicate that scammers can create new pages and run deceptive ads within minutes, often reusing content from legitimate businesses to appear credible.
The human cost of phishing scams
The consequences of falling for a phishing scam are severe. Victims often report unauthorized bank transactions, identity theft, and loss of access to social media accounts. Small businesses have also been targeted, with fraudulent ads leading to compromised accounts and reputational damage.
DON’T MISS THIS: How scam, fraudulent actors take advantage of COVID-19
In Nigeria where digital literacy varies widely, these scams pose serious threat to online users. The rapid rise of online transactions combined with limited consumer protection leaves many users vulnerable.
What Meta says—and what critics argue
Meta asserts that it actively removes harmful content and has enhanced its ad review processes. In 2024, the company reported significant efforts to combat deceptive advertisements, including the removal of over 8,000 fraudulent “celeb bait” ads in collaboration with Australian banks. This initiative was part of broader measures to tighten ad regulations, especially for financial services, requiring advertisers to verify their credentials before running ads.
However, critics argue that Meta’s approach remains largely reactive and lacks sufficient transparency. Digital rights advocates have called for stronger pre-approval mechanisms and independent audits of Facebook’s ad ecosystem to ensure accountability. Concerns have been raised about the effectiveness of Meta’s content moderation policies, especially after the company replaced third-party fact-checkers with a community-based system in the United States and announced plans to implement this globally, leading to unease among advertisers regarding brand safety.
Experts offer counsels to address rising spread of phishing scams
In a Guardian article, the Director of Consumer Investments at the UK’s Financial Conduct Authority (FCA), Lucy Castledine, criticized Meta for being the slowest among social media platforms to remove financial scam content, sometimes taking up to six weeks to act on takedown requests. She emphasised that such delays undermine efforts to combat online financial fraud and called for proactive use of algorithms to detect scam content, rather than relying solely on reactive measures.
Similarly, a cybersecurity expert, Darren Guccione, highlighted the rise of AI-enhanced scams, noting that scammers use sophisticated techniques like deepfakes to impersonate trusted individuals, thereby increasing the likelihood of deceiving victims. He warned that these scams can lead to significant financial losses, as they exploit the trust users place in familiar faces and voices.
Also commenting, Philip Anjorin, a fact-checker at Dubawa, said phishing scams sponsored through Facebook ads are especially dangerous because of the platform’s dominant user demographic, especially individuals aged over 40 who often lack strong media and digital literacy. He explained that this group is more susceptible to misleading sponsored ads, which Facebook does not regulate strictly enough.
ALSO READ: How TikTok allows users to promote misinformation about brands – Report
Compared to platforms like TikTok and Twitter, where users are typically more digitally native, Facebook’s environment poses greater risks, Anjorin stated. He noted that the issue is even more concerning in countries like Nigeria, where Meta has come under criticism for poor data privacy practices, referencing recent issues with the Federal Competition & Consumer Protection Commission (FCCPC) as a cause for alarm.
To combat this growing threat, Anjorin recommends the creation of targeted media literacy initiatives aimed at educating older users on how to identify and avoid phishing scams.
He also urges Meta to improve its ads regulation systems, particularly for vulnerable user segments. Lastly, he suggests that governments especially in regions like Nigeria should engage in active partnerships with Meta to enforce stronger safety protocols and data protection standards. These steps, he emphasized, are necessary to reduce users’ exposure to digital harm and build a more secure online space for netizens.
