Meta will take anyone’s money, if they want to pay for ad-space on Facebook. And that’s a problem. Because the scammers of the internet have no problem ponying up a little cash, if it gets their scams in front of thousands of people. Last year, I blogged a bit about this, and in this post, I want to showcase a specific hazard that shows Facebook’s continued malvertising problem.
Check out this basic Facebook page with me:
I’ve mentioned before that Facebook’s Sponsored posts and ads are The Devil. But today’s ads are the worst. If you notice the Sponsored items to the upper-right of that screencap, focus on how they use icons similar to Facebook’s message and notification icons. This is a subtle phishing tactic that is going to catch anyone who is not paying attention, or has vision issues, or is “going too fast.” Every day, people land on those ads, thinking they’re about to see their Facebook activity and PMs.
But anyone clicking those malvertisements is shunted to this page:
And then to this page:
To be clear, those pages are fakes and not to be obeyed. The ultimate goal of these ads is to rope people into a classic Microsoft Support Alert Scam. This brings in a ton of money each year for cybercriminals. Our government reports that they think scams like these may have netted a billion dollars or more in 2024.
What to Do
The first and main thing I wish for everyone is the ability to Recognize these things as ads and not part of the Facebook machinery. Once you spot these Sponsored items, please do all you can to avoid clicking on them or interacting with them.
But there is more you can do, if you wish.
- Running an ad-blocker in your browser can sometimes reduce malvertising. Malwarebytes Browser Guard is another freebie that can inhabit your browser and help keep some hazards at bay
- F.B. Purity is a different browser extension that can modify and clean up some parts of your Facebook page
- Report and/or Hide these dangerous ads
Reporting and Hiding Facebook Content
This can feel a bit dicey, for some. We know the ad is toxic, but to report it to Facebook, we have to click on it in just the right way. Only try this if you know what you are doing, and please do not go outside your comfort zone with this next info.
There are buttons that allow you to report this scam to Facebook, but they are hidden from view, initially. To see these buttons, you must float your mouse cursor over the ad, without clicking. If you hover over the malvertising, you’ll see:
That new ‘X’ button is safe to click and will hide the ad. But the 3-dots button is far more useful. Click that and you get a chance to make a report to Facebook.
For this particular hazard, I clicked on Report ad, then on “Scam, Fraud or impersonation”, then “Fraud or Scam”, then on “Financial or Identity Scam”. Because this scam is designed to steal money from innocent people.
Most of the time, reporting bad content to Facebook is easily done. But for this one, a wrong click could open up a fake Microsoft Alert that boondoggles your whole screen. If that happens, try to press Alt+F4 to close the window. Or long-press on the Escape key. If all else fails, long-press your computer’s power button. A hard reboot of the computer will get you away from danger — just don’t click on “Restore Pages” when you have the computer back up and running again.