| Commsrisk
By
Eric Priezkalns
19 Jan 2026

The scourge of smishing messages sent by rogue base stations is spreading across Europe but national leaders ignore the underlying security threat.

Police have announced the first ever arrests of smishing SMS blaster scammers in Greece. Regular readers of Commsrisk will anticipate all the essential facts of the case: a false base station was carried in the back of a car; the car was driven through densely populated suburbs of Athens, a major metropolitan area; the phones of victims were downgraded to 2G to bypass the security protocols of subsequent generations; victims received SMS messages that impersonated banks and contained links to phishing websites. But perhaps the most important common factor was that the two driver-operators of the SMS blaster were Chinese.

The arrests in Greece relied upon dumb luck rather than technologies that identify and pinpoint fake base stations. An employee of a shopping mall in Spata, an eastern district of Athens, warned police that two Chinese customers had behaved suspiciously. The police stopped and questioned the Chinese, who presented forged identity documents. The police then proceeded to search their car, where they found an SMS blaster and associated equipment. Three actual cases of fraud have since been tied to messages sent by the SMS blaster. The victims in these cases respectively reside in Spata, in downtown Athens, and in Maroussi, a northern suburb of Athens.

Greek police released an image of the equipment they found; this has been reproduced at the bottom of the article. Regular readers will also recognize another element commonly seen in photographs of devices seized during SMS blaster busts worldwide: a DC-to-AC electricity converter in the distinctive orange case of Chinese manufacturer NFA. We have also collated images of NFA converters that powered SMS blasters in Hong Kong, Japan, Malaysia, the Philippines, Qatar, Serbia, Thailand, Türkiye and the United Kingdom. There is nothing illegal about making and selling devices that convert DC electricity to AC, but the use of the same Chinese manufacturer’s equipment by Chinese criminals arrested in such a wide spread of countries would suggest common supply chains are enabling the intercontinental spread of SMS blaster crime.

A lot is said about the need for collaboration to reduce fraud but the extent of voluntary collaboration can be gauged by:

the widespread, but often unacknowledged dependence on this website to monitor and analyze information about SMS blaster crime from around the world; and
the information provided here for free is not even quoted correctly by the authorities.
The Greek authorities advised their local press that Greece is the fifth European country to be attacked using an SMS blaster. Commsrisk’s open source intelligence is evidently having an impact because press reports of earlier busts usually featured ineptly random lists of a few places where SMS blasters had been found before. The SMS blaster map on our Global Fraud Dashboard shows that Greece is at least the sixth country in Europe to discover smishing messages from SMS blasters carried by car. The other five European countries are, in chronological order of when their cases were reported: France, Norway, the United Kingdom, Switzerland and Serbia. Fake base stations that transmitted SMS messages have also been identified in Türkiye although the Turkish authorities insist those devices were used for espionage instead of smishing fraud. Note also that a Chinese national based in Istanbul was involved in the supply of those fake base stations and that an NFA power converter was used in conjunction with one of them.

The new case from Athens has been added to our SMS blaster map. If you believe a useful purpose is served by the open source intelligence that is automatically harvested by our Global Fraud Dashboard then please consider donating to the crowdfunding campaign we will launch soon. The goal is to finance the development work for a massive expansion of the number of charts on the dashboard and the range of data sources that it monitors.

I draw one overriding conclusion from the general ignorance surrounding the spread of SMS blaster crime: national authorities are not gathering and exchanging intelligence that would help them anticipate the spread of international crimes involving communications tech. They do not formulate plans to protect the public until they have identified crimes occurring within their jurisdictions. If detection depends on dumb luck, as it has in many of the European cases, then a lot of crime can occur before the authorities will react. This is a dangerous approach when dealing with crimes involving electronic communications as they are easily spread to new countries. Insufficient importance is attached to systematically detecting these crimes even though a few countries have researched and implemented technologies to proactively identify SMS blasters. Nor are we thinking strategically about safety. A rogue base station can be used for smishing fraud, or for espionage, or to spread panic.

If I were Vladimir Putin, a former spook with a penchant for destabilizing other countries through black ops and disinformation, then I would be laughing at European governments that talk a lot about preparing for conflict but have not modified mobile networks to reveal how many fake base stations are being transported around the continent. The invasion of Ukraine has prompted a rapid evolution in the ways electronic communications are exploited for warfare. Manufacturers of military drones commonly advertise versions that carry IMSI-catchers, a kind of surveillance device that mimics base stations in much the same way that SMS blasters do. Meanwhile, Europe remains so blasé about SMS blasters that a Chinese national could rent a car in, say, Estonia or Bulgaria, then drive it the whole way to Portugal or Italy, blasting SMS messages along the entire route, without anyone trying to stop him. The method is currently being used for fraud but it could just as easily spread disinformation with the intention to cause mayhem ahead of an invasion.

My guess (and hope) is that 2026 will be the year when most European police and governments will finally stop pretending that SMS blasters are a ‘new’ problem that will simply go away if they ignore it. To put the current European situation into context, consider that the mushrooming of SMS blaster crime was witnessed a decade ago across a similarly-sized geographic region. Chinese legal reports show there had already been over 1,600 separate prosecutions involving fake base stations by 2016. The Chinese authorities responded by taking radical action to punish the manufacture and sale of SMS blasters as well as their use by criminals. It seems they care less about the export of SMS blasters now that the domestic threat has been quelled.

Instead of learning from China’s example, European authorities behave as if there is no need to proactively tackle the supply of SMS blasters. I doubt Europe has the same determination to fight crime as the authorities in China, even if it was capable of marshaling and coordinating resources in the way the Chinese Communist Party can. Fearing they might be overwhelmed by exports from China, various East Asian countries have banned the importation of SMS blasters and run sting operations to disrupt supply lines.

Meanwhile, false base stations can openly be bought through websites — on condition they are never used within China — and Western internet firms including Google do nothing about adverts that promote their sale. Those involved in European legislation and regulation dither over how to write a definition of SMS blasters that can be used to make them illegal without prohibiting legitimate radio telecoms equipment. Presumably these dunderheads will later do what they always do: wait for a crisis to occur then seek praise for reacting to it while pretending there was no way to anticipate it.

Look immediately below for the Greek police photograph of the equipment they seized, and keep scrolling for comparative photos of NFA converters used to power SMS blasters found in (clockwise from top left): Hong Kong; Malaysia; Thailand; Türkiye; the United Kingdom; Manila in the Philippines; Bulacan in the Philippines; Serbia; Qatar; and Japan.

| Reuters reuters.com
By Jeff Horwitz
December 31, 20252:00 PM GMT+1

A Reuters investigation examines its tactics, including efforts to make scam ads “not findable” when authorities search for them.
As regulators press Meta to crack down on rogue advertisers on Facebook and Instagram, the social media giant has drafted a “playbook” to stall them. Internal documents seen by Reuters reveal its tactics, including efforts to make scam ads “not findable” when authorities search for them.

SAN FRANCISCO - Japanese regulators last year were upset by a flood of ads for obvious scams on Facebook and Instagram. The scams ranged from fraudulent investment schemes to fake celebrity product endorsements created by artificial intelligence.
Meta, owner of the two social media platforms, feared Japan would soon force it to verify the identity of all its advertisers, internal documents reviewed by Reuters show. The step would likely reduce fraud but also cost the company revenue.
To head off that threat, Meta launched an enforcement blitz to reduce the volume of offending ads. But it also sought to make problematic ads less “discoverable” for Japanese regulators, the documents show.
The documents are part of an internal cache of materials from the past four years in which Meta employees assessed the fast-growing level of fraudulent advertising across its platforms worldwide. Drawn from multiple sources and authored by employees in departments including finance, legal, public policy and safety, the documents also reveal ways that Meta, to protect billions of dollars in ad revenue, has resisted efforts by governments to crack down.

In this case, Meta’s remedy hinged on its “Ad Library,” a publicly searchable database where users can look up Facebook and Instagram ads using keywords. Meta built the library as a transparency tool, and the company realized Japanese regulators were searching it as a “simple test” of “Meta’s effectiveness at tackling scams,” one document noted.
To perform better on that test, Meta staffers found a way to manage what they called the “prevalence perception” of scam ads returned by Ad Library searches, the documents show. First, they identified the top keywords and celebrity names that Japanese Ad Library users employed to find the fraud ads. Then they ran identical searches repeatedly, deleting ads that appeared fraudulent from the library and Meta’s platforms.
Instead of telling me an accurate story about ads on Meta’s platforms, it now just tells me a story about Meta trying to give itself a good grade for regulators.

Sandeep Abraham, former Meta fraud investigator

The tactic successfully removed some fraudulent advertising of the sort that regulators would want to weed out. But it also served to make the search results that Meta believed regulators were viewing appear cleaner than they otherwise would have. The scrubbing, Meta teams explained in documents regarding their efforts to reduce scam discoverability, sought to make problematic content “not findable” for “regulators, investigators and journalists.”

Within a few months, they said in one memo after the effort, “we discovered less than 100 ads in the last week, hitting 0 for the last 4 days of the sprint.” The Japanese government also took note, the document added, citing an interview in which a prominent legislator lauded the improvement.
Meta has studied searches of its Ad Library and worked to reduce the "discoverability" of problematic advertising. Documents reviewed by Reuters, and highlighted here by the news agency, show internal discussions about the effort. REUTERS
Meta has studied searches of its Ad Library and worked to reduce the "discoverability" of problematic advertising. Documents reviewed by Reuters, and highlighted here by the news agency, show internal discussions about the effort. REUTERS
“Fraudulent ads are already decreasing,” Takayuki Kobayashi, of the ruling Liberal Democratic Party, told a local media outlet. Kobayashi didn’t respond to a Reuters request for comment about the interview.
Japan didn’t mandate the verification and transparency rules Meta feared. The country’s Ministry of Internal Affairs and Communications declined to comment.
So successful was the search-result cleanup that Meta, the documents show, added the tactic to a “general global playbook” it has deployed against regulatory scrutiny in other markets, including the United States, Europe, India, Australia, Brazil and Thailand. The playbook, as it’s referred to in some of the documents, lays out Meta’s strategy to stall regulators and put off advertiser verification unless new laws leave them no choice.
The search scrubbing, said Sandeep Abraham, a former Meta fraud investigator who now co-runs a cybersecurity consultancy called Risky Business Solutions, amounts to “regulatory theater,” distorting the very transparency the Ad Library purports to provide. “Instead of telling me an accurate story about ads on Meta’s platforms, it now just tells me a story about Meta trying to give itself a good grade for regulators,” said Abraham, who left the company in 2023.

Meta spokesperson Andy Stone in a statement told Reuters there is nothing misleading about removing scam ads from the library. “To suggest otherwise is disingenuous,” Stone said.
By cleaning those ads from search results, the company is also removing them from its systems overall. “Meta teams regularly check the Ad Library to identify scam ads because when fewer scam ads show up there that means there are fewer scam ads on the platform,” Stone wrote.
Advertiser verification, he said, is only one among many measures the company uses to prevent scams. Verification is “not a silver bullet,” Stone wrote, adding that it “works best in concert with other, higher-impact tools.” He disputed that Meta has sought to stall or weaken regulations, and said that the company’s work with regulators is just part of its broader efforts to reduce scams.
Those efforts, Stone continued, have been successful, particularly considering the continuous maneuvers by scammers to get around measures to block them. “The job of chasing them down never ends,” he wrote. The company has set global scam reduction targets, Stone said, and in the past year has seen a 50% decline in user reports of scams. “We set a global baseline and aggressive targets to drive down scam activity in countries where it was greatest, all of which has led to an overall reduction in scams on platform.”
Meta’s internal documents cast new light on the central role played by fraudulent advertising in the social media giant’s business model – and the steps the company takes to safeguard that revenue. Reuters reported in November that scam ads Meta considers “high risk” generate as much as $7 billion in revenue for the company each year. This month, the news agency found that Meta tolerates rampant fraud from advertisers in China.
In response to Reuters’ coverage, two U.S. senators urged regulators at the Securities and Exchange Commission and the Federal Trade Commission to investigate and “pursue vigorous enforcement action where appropriate.” Citing Reuters reporting, the attorney general of the U.S. Virgin Islands also sued Meta this month for allegedly “knowingly and intentionally” exposing users of its platforms to “fraud and harm” and “profiting from scams.” Stone said Meta strongly disagrees with the lawsuit’s allegations.
In Brussels, where European authorities have also been focused on scams, a spokesperson for the European Commission told Reuters its regulators had recently asked Meta for details about its handling of fraudulent advertising. “The Commission has sent a formal request for information to Meta relating to scam ads and risks related to scam ads and how Meta manages these risks,” spokesperson Thomas Regnier wrote. “There are doubts about compliance.” He didn’t elaborate.
The documents reviewed by Reuters show that Meta assigned its handling of scams the top possible score in an internal ranking of regulatory, legal, reputational and financial risks in 2025. One internal analysis calculated that possible regulation in Europe and Britain that would make Meta liable for its users’ scam losses could cost the company as much as $9.3 billion.
EMPLOY A “REACTIVE ONLY” STANCE
One big push among regulators is to get Meta and other social media companies to adopt what is known as universal advertiser verification. The step requires all advertisers to pass an identity check by social media platforms before the platforms will accept their ads. Often, regulators request that some of an advertiser’s identity information also be viewable, allowing users to see whether an ad was posted locally or from the other side of the world.
Google in 2020 announced that it would gradually adopt universal verification, and said earlier this year it has now verified more than 90% of advertisers. Along with requiring verification in jurisdictions where it’s legally mandated, Meta offers to voluntarily verify some large advertisers and sells “Meta Verified” badges to others, combining identity checks with access to customer support staff.
Documents reviewed by Reuters say that 55% of Meta’s advertising revenue came from verified sources last year. Stone, the spokesperson, added that 70% of the company’s revenue now comes from advertisers it considers verified.
The internal company documents show that unverified advertisers are disproportionately responsible for harm on Meta’s platforms. One analysis from 2022 found that 70% of its newly active advertisers were promoting scams, illicit goods or “low quality” products. Stone said that Meta routinely disables such new accounts, “some on the very day that they’re created.”
Meta’s documents also show the company recognizes that universal verification would reduce scam activity. They indicate that Meta could implement the measure in any of the countries where it operates in less than six weeks, should it choose to do so.
But Meta has balked at the cost.
Despite reaping revenue of $164.5 billion last year, almost all of which came from advertising, Meta has decided not to spend the roughly $2 billion it estimates universal verification would cost, the documents show. In addition to that cost of implementation, staffers noted, Meta could ultimately lose up to 4.8% of its total revenue by blocking unverified advertisers.
I expected that the company would have continued to do more verification, and personally felt that was something that all major platforms should be doing.

Rob Leathern, a former senior director of product management at Facebook

Instead of adopting verification, Meta has decided to employ a “reactive only” stance, according to the documents. That means resisting efforts at regulation – through lobbying but also through measures like the scrubbing of Ad Library searches in Japan last year. The reactive stance also means accepting universal verification only if lawmakers mandate it.
So far, just a few markets, including Taiwan and Singapore, have done so.
Even then, the documents show, the financial costs to Meta have remained small. Meta’s own tests showed verification immediately reduced scam ads in those countries by as much as 29%. But much of the lost revenue was recouped because the same blocked ads continued to run in other markets.
If an unverified advertiser is blocked from showing ads in Taiwan, for example, Meta will show those ads more frequently to users elsewhere, creating a whack-a-mole dynamic in which scam ads prohibited in one jurisdiction pop up in another. In the case of blocked ads in Taiwan, “revenue was redistributed/rerouted to the remaining target countries,” one March 2025 document said, adding that consumer injury gets displaced, too. “This would go for harm as well,” the document noted.
Meta analyses found that even when verification blocked ads in one market, those same ads would still generate revenues for the company in other markets. Highlighting of internal document reviewed by Reuters. REUTERS
Meta analyses found that even when verification blocked ads in one market, those same ads would still generate revenues for the company in other markets. Highlighting of internal document reviewed by Reuters. REUTERS
Meta’s documents show the company believes its efforts to defeat regulation are succeeding. In mid-2024, one strategy document called the prospect of being “required to verify all advertisers” worldwide a “black swan,” a term used to describe an improbable but catastrophic event. In the months afterwards, policy staffers boasted about stalling regulations in Europe, Singapore, Britain and elsewhere.
In July, one Meta lobbyist wrote colleagues after they thwarted stricter measures considered by financial regulators in Hong Kong against financial scams. To get ahead of the effort, staffers helped regulators draft a voluntary “anti-scam charter.” They coordinated with Google, which also signed the charter, to present a “united front,” the document says. “Through skillful negotiations with regulators,” the Meta lobbyist wrote, Hong Kong relaxed rules that would have forced verification of financial advertisers. “The finalised language does not introduce new commitments or require additional product development.”
Hong Kong regulators, the lobbyist added, “have shown huge appreciation for Meta’s leading participation.”
Meta regulations screen shot
Meta staffers boasted about success slowing the push by authorities for advertiser verification. In one document, highlighted here by Reuters, Meta employees say their lobbying in Hong Kong thwarted "new commitments" in local regulations. REUTERS
A Google spokesperson said the company signed onto the charter because it believed it would benefit customers. Google participated, he said, of its own accord and as the result of direct engagement with Hong Kong regulators.
In a statement, Hong Kong financial regulators said that “advertiser verification is one of many ways social media platforms can protect the investment public.” They declined to respond to Reuters’ questions about Meta and noted that the regulators involved with the charter don't themselves have the authority to impose advertiser verification requirements.
“All social media platforms should strengthen their efforts to detect and remove fraudulent and unlawful materials,” they added.
“INDUSTRY AND REGULATORY EXPECTATIONS”
Fraud across social media platforms has surged in recent years, fueled by the rise of untraceable cryptocurrency payments, AI ad-generation tools and organized crime syndicates. Mob rings have found the business so lucrative that they employ forced labor to staff well-documented “scam compounds” that generate waves of fraudulent content from southeast Asia. Internally, Meta has cited estimates that such compounds are responsible for $63 billion in annual damage to consumers worldwide.
In some countries, regulators have determined that Meta platforms host more fraudulent content than its online competitors. In February 2024, Singapore police reported that more than 90% of social media fraud victims in the city state had been scammed through Facebook or Instagram. In a statement to Reuters, a spokesperson for Singapore’s Ministry of Home Affairs wrote that “Meta products have persistently been the most common platforms used by scammers.”
“We have repeatedly highlighted our deep concern over the continued prevalence of scams on Meta’s platforms,” the statement continued. After Reuters’ inquiries for this report, it added, Singapore authorities have asked Meta for more information and will broaden existing verification measures, including some mandating the use of facial recognition technology to prevent the impersonation of public figures. “We have reiterated that more needs to be done to secure Meta’s products and protect users from scams, instead of prioritising its profits. We have requested for a formal explanation from Meta and will take enforcement action if Meta is found to be in violation of legal requirements.”
A known weakness in Meta’s defenses is the ease of advertising on its platforms.
To purchase most advertisements, all a client needs is a user account – easily created with an email or phone number and a user-supplied name and birthdate. If Meta doesn’t verify those details, it can’t know who it’s doing business with. Even if an advertiser gets banned, there is nothing to stop it from returning with a new account. A fraudster can merely sign up again.
Meta has known about the problem for years, documents and interviews with former staffers show.
In the 2016 U.S. presidential election, fake political ads flooded Facebook with disinformation. In response, the company took steps to reduce chances that could happen again. Back then, foreign actors seeking to influence the election easily placed ads masquerading as Americans. Some Russian advertisers pretending to be American political activists even paid for such ads in rubles, Meta has said.
Starting in 2018, the company began requiring a valid identity document and a confirmed U.S. address before clients could place political ads. In addition to providing verification for the company itself, the general details, including the name and location of the advertiser, could be viewed by users, too.
Rob Leathern, a former senior director of product management at Facebook who oversaw the effort to verify political advertisers, said the added transparency and accountability led some staffers to believe that Meta would broaden it to all advertisers. “I expected that the company would have continued to do more verification, and personally felt that was something that all major platforms should be doing,” said Leathern, who left the company at the end of 2020.
Meta in 2018 also introduced its Ad Library, an easily searchable database of all ads that run on its platforms. The company, the documents show, expected to generate goodwill with the library, particularly with regards to political advertisements. Competitors, including Google, soon launched ad libraries of their own.

In the years that followed, Meta continued to acknowledge the effectiveness of both transparency and verification. So-called “know your customer policies,” Meta staffers wrote in a November 2024 document, are “commonly understood to be effective at reducing scam-risks.” They noted a competitive component, too, citing Google’s move at the start of the decade to adopt universal verification: “Google’s approach to verify all advertisers is recalibrating industry and regulatory expectations.”
Meta, however, has been reluctant to pay for it.
The internal documents show that last year Meta consulted with a company that works with Google to verify advertisers. Meta officials, according to the documents, wanted to know how much it would cost to follow suit. But the answer – at least $20 per advertiser – proved too costly for their liking, one document said.
The Meta spokesperson said that the company, regardless of cost, didn’t work with the vendor because its verification process took too long.
The potential for lost revenue has also given the company pause.
In addition to lost income from advertisers culled by verification, stricter measures could also cannibalize a paid program through which Meta already charges advertisers for similar status. The program, known as “Verified for Business,” costs clients as much as $349.99 per month and allows businesses to display a badge assuring users that Meta has authenticated their profile. Meta describes the program as more than just basic verification, offering advertisers better customer support and protections against impersonation.
Still, the documents show, Meta managers fear those revenues could shrivel if the company adopts verification for all advertisers.
“WE HAVE AN OPPORTUNITY”
In 2023, because of a sharp rise in ads for investment scams, Taiwan passed legislation ordering social media platforms to begin verifying advertisers of financial products. The self-governing island, population 23 million, is small compared to Meta’s major markets, but the company’s response there helps illustrate how resistant Meta has been to growing regulatory scrutiny worldwide.
In private conversations, the documents show, Taiwanese regulators told Meta it needed to demonstrate it was taking concrete steps to help reduce financial scam ads. When it came to financial fraud, the regulators said, Meta needed to verify the identity of those advertising financial services and respond to reports of fraud within 24 hours.
Meta, according to the documents, told Taiwan it needed more time to comply. Regulators agreed. But Meta, the documents show, in the months that followed didn’t address the problem to the government’s satisfaction.
Frustrated, the Taiwanese regulators last year issued new demands. Now, the new regulations stated, Meta and the owners of other major platforms would have to verify all advertisers. Regulators told Meta it would be fined $180,000 for every unverified scam ad it ran, Meta staffers wrote.
If it didn’t comply, the staffers calculated, the resulting fines would exceed Meta’s total profits in Taiwan. It would be cheaper to abandon the market than to disobey, they concluded.
Meta complied, rushing to verify advertisers ahead of regulators’ deadlines.
In a statement to Reuters, Taiwan’s Ministry of Digital Affairs said stricter regulations over the past year brought down rates of scam ads involving investments by 96% and identity impersonation by 94%. In addition to requiring major social media platforms to verify advertisers, Taiwan has developed its own AI system to scan ads on Meta’s platform, set up a portal for citizens to report fraudulent ads, and established public-private partnerships to detect scams, the ministry added.
Over the course of 2025, the statement said, Taiwan has fined Meta about $590,000 for four violations of the law. The ministry said it “will maintain a close watch on shifting fraud risks.”
The new rules gave Meta the opportunity to study the impact that full verification would have on its business. Before the new regulation, according to internal calculations, about 18% of all Meta advertising in Taiwan, or about $342 million of its annual ad business there, broke at least one of the company’s rules against false advertising or the sale of banned products. Unverified advertisers, one analysis found, produced twice as much problematic advertising as those who submitted verification details.
Their analyses also revealed the whack-a-mole dynamic.
Because scamming is a global business – and Meta’s algorithms allow clients to choose multiple markets in which to advertise – many advertisers seeking to place fraudulent posts do so in more than one geography. Meta experiments showed that while fraudulent ads decreased in Taiwan after the rule change, its algorithms simply rerouted them to users in other markets.
“The implication here is that violating actors that only require verification in one country, will shift their harm to other countries,” one analysis spelled out. Unless advertiser verification was “enforced globally,” staffers wrote, Meta wouldn’t so much be fighting scams as relocating them.
The documents included briefing notes prepared for Chief Executive Mark Zuckerberg about the dynamic. Reuters couldn’t determine whether the Meta boss ever saw the notes or was briefed on their contents. But the message delivered a similar conclusion. It also warned of a complication: If enforcement in one jurisdiction worsened the problem of fraud in others, regulators in the newly impacted markets were likely to crack down, too.
Meta spokesperson Stone said he couldn’t determine whether Zuckerberg received the briefing described in the document reviewed by Reuters.
Faced with the prospect of ever-expanding scrutiny, Meta considered embracing full verification voluntarily, the documents show. The goal, staffers wrote, could enable the company to appear proactive but also set terms and a timeline on its own. “We have an opportunity to set a goal of verifying all advertisers (and communicate our intention to do so externally, in order to better negotiate with lawmakers),” a November 2024 strategy document noted. Meta could “stage the rollout over time and set our own definitions of verification.”
Policy staff even planned to announce the decision during the first half of 2025, the documents show. But for reasons not specified in the documents, they postponed an announcement until the second half of the year and then cancelled it altogether. Leadership had changed its mind, a document noted, without saying why.
“MIMIC WHAT REGULATORS MAY SEARCH FOR”
Instead, Meta began to apply some of the lessons it learned in Japan.
That experience helped the company realize that Tokyo wasn’t the only government using Ad Library searches as a means of tracking online fraud. “Regulators will open up the ads library and show us multiple similar scam ads,” public policy staffers lamented in one 2024 document. Staffers also noted authorities were employing one feature that was proving especially useful: a keyword search. Unlike Google’s version, the Meta library made it easy to find scam ads through searches with terms like “free gift” or “guaranteed profit.”
Managers overseeing a revamp of the Ad Library proposed eventually killing the keyword feature entirely, the documents show. Wary of blowback from regulators, however, Meta decided not to. The Meta spokesperson said Meta is not considering it.
The company did, however, change the library so that searches returned fewer objectionable ads.
One adjustment made searches default to active ads, reducing the number of search results by eliminating content that Meta had already blocked through prior screening. The change made fraudulent ads from the past absent from new search results.
Staffers also made Meta’s systems rerun enforcement measures on all ads that appeared during new Ad Library searches, the documents show. That adjustment gave Meta a second chance to scrap violators that had previously evaded fraud filters.
One of the most useful tactics it learned in Japan was Meta’s mimicry of searches performed by regulators. After repeating the same queries, and deleting problematic results, staffers could eventually go days without finding scam ads, one document shows.
As a result, Meta decided to take the tactic global, performing similar analyses to assess “scam discoverability” in other countries. “We have built a vast keyword list by country that is meant to mimic what regulators may search for,” one document states. Another described the work as changing the “prevalence perception” of scams on Facebook and Instagram.
Meta’s perception-management tools are now part of what the company has referred to as its “general global playbook” for dealing with regulators. The documents reviewed by Reuters repeatedly reference the “playbook” as steps the company should follow in order to slow the push toward verification in any given jurisdiction.
Beginning one year ahead of expected regulation, the playbook advises, Meta should tell the local regulators it will create a voluntary verification process. When doing so, the documents add, Meta should ask those authorities for time to let the voluntary measures play out. To buy yet more time, and further gauge reactions from regulators, Meta after six months should force verification upon “new and risky” advertisers, the playbook continues.
Meta playbook screenshot
Meta has devised a “global playbook,” summarized in the document here, to delay and weaken the push by regulators to mandate advertiser verification. Internal documents reviewed by Reuters show that verification reduces scam ads, but also costs Meta revenue. REUTERS
If ultimately regulators force mandatory verification for all, the playbook states, Meta should once again stall. “Keep engaging with regulator on extension,” one document advises.
The documents show Meta staffers celebrating the success of their efforts to change some perceptions.
In March, industry officials and regulators met for a conference in London organized by the Global Anti-Scam Alliance, a group that organizes regular gatherings to address online fraud. Meta staffers in one document celebrated the lack of scorn heaped on the company compared with previous events.
“There was a drastic shift in tone,” a project manager noted. “Meta was rarely called out whereas previously we were explicitly and repeatedly shamed for lack of action in countering fraud.”

| Eurojust | European Union Agency for Criminal Justice Cooperation
eurojust.europa.eu
Eurojust Press Team

Nine people suspected of money laundering have been arrested during a synchronised operation that took place in three countries at the same time. The suspects set up a cryptocurrency money laundering network that scammed victims out of over EUR 600 million. Eurojust, the EU’s judicial cooperation hub, ensured that French, Belgian, Cypriot, German and Spanish authorities worked together to take the network down.

The members of the network created dozens of fake cryptocurrency investment platforms that looked like legitimate websites and promised high returns. They recruited their victims using a variety of methods such as social media advertising, cold calling, fake news articles and fake testimonials from celebrities or successful investors.

When victims would transfer cryptocurrency to the platforms, they were never able to recover their money. The crypto assets earned through the various scams were then laundered using blockchain technology. The criminals were able to launder approximately EUR 600 million.

Investigations into the network started when authorities received several complaints from victims. Eurojust ensured that the authorities were able to work together in a fast and efficient manner by setting up a joint investigation team between French and Belgian authorities. As other countries had to be involved during the actions, Eurojust brought prosecutors and investigative judges from France, Belgium, Cyprus, Spain and Germany together to plan the takedown of the network.

Actions against the suspects took place on 27 and 29 October and were coordinated from the Eurojust premises in The Hague. Nine suspects were arrested at their homes in Cyprus, Spain and Germany on suspicion of their involvement in money laundering from fraudulent activities. At the same time, searches took place that resulted in the seizure of EUR 800 000 in bank accounts, EUR 415 000 in cryptocurrencies and EUR 300 000 in cash.

The actions were carried out by the following authorities:

France: Investigative Judge of the Court of Paris JUNALCO (National Jurisdiction against Organised Crime) - Cybercrime Unit; Gendarmerie Nationale - Cyber Unit
Belgium: PPO Limburg; Investigating Judge of the Court of 1st Instance in Limburg; Federal Judicial Police Limburg
Cyprus: Attorney General's Office; MOKAS; Cyprus Police
Germany: Public Prosecutor’s Office Cologne; Cologne Criminal Police
Spain: PPO Barcelona - International Cooperation Section; Investigative Court num 5 in Vilanova i la Geltrú; Mossos d’Esquadra (Cybercrime Central Area); Policía Nacional (Cybercrime Central Unit and Barcelona and Oviedo Provincial Brigade of Judicial Police)

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) -- such as .shop, .top, .xyz -- that attract scammers with rock-bottom…

Beware before calling Apple for assistance as scammers are creating malicious ads and fake pages to lure you in.

Discover how SMS scammers are exploiting cloud storage to host scam websites with the intention of stealing sensitive information

Explore the shift in phishing from Dark web to Telegram, where cybercriminals trade tools and data, and uncover Guardio's insights on countering this menace.

A new strain of ransomware called MadCat has been linked by security researchers to suspected scammers who pretend to sell passport details on the dark web so they can rip off their fellow crooks.

Videos collected by 404 Media over months give a peep inside the world of spoofing numbers, automated call scripts, and a specific seller of the phones.

Chinese sextortion scam accounts flood X (previously Twitter) after the platform introduced a blue-check policy allowing users to buy verified badges.

ESET researchers uncover a toolkit that operates as a Telegram bot and helps scammers target victims on online marketplaces, mainly in Russia.

On cybercrime forums, user complaints about being duped may accidentally expose their real identities.

Scammers go mainstream by hijacking top Google searches and replacing them with malicious ads.