Risky Bulletin - Srsly Risky Biz: Meta's Fraud Profit Scandal
Podcast: Risky Bulletin
Host: Amber Lee Jack (A)
Guest: Tom Uran (B), Policy and Intelligence Editor
Date: November 13, 2025
Episode Overview
This episode dives deep into the recent Reuters exposé revealing Meta's (Facebook's parent company) massive profits from scam and fraud advertisements—an eye-opening scandal in the world of big tech and cybersecurity policy. Host Amber Lee Jack and guest Tom Uran critically analyze Meta's internal incentives to let scam ads proliferate, the shocking revenues involved, and the company's tepid enforcement. They also touch upon broader cybersecurity issues, including the restrained behavior of state-sponsored attackers in supply chain breaches and a principled intelligence rift between the UK and US over controversial anti-drug operations in the Caribbean.
1. Meta’s Scam Ad Revenue: Whistleblowing & Shocking Revelations
Key Discussion Points
- Reuters' Damning Investigation
  - Meta projected to earn $16 billion in 2024 from scam and fraud ads.
  - Internal financial incentives appear to encourage management to ignore the problem.
  - Meta's risk models weigh legal risks against profits.
- Meta’s Approach to Scam Ads
  - Automated ad review systems only block ads if they are 95% likely to be scams—a high threshold that lets many slip through.
  - Meta reportedly performs worse than peers at blocking scam ads.
- Cost of Doing (Unethical) Business
  - Meta categorized "high-legal risk" ads, e.g., those impersonating celebrities or brands with the means to sue.
  - The company calculated that revenues from such ads outweigh potential legal penalties.
  - Notable example: 230,000 scam ads impersonating Australian billionaire Andrew Forrest.
- Perverse Incentives and Algorithmic Fallout
  - Meta charges higher rates to advertisers they suspect of being scammers, ironically increasing profits from those likely to be running scams.
  - Users who interact with scam ads are more likely to be shown additional scam ads.
Notable Quotes & Moments
- On the size of Meta’s scam-ad profits:
  - "Meta's own prediction was that it was going to be $16 billion... and there were all sorts of financial incentives that encourage management to basically turn a blind eye." — Tom Uran [01:05]
- On the 95% certainty threshold:
  - "They have to be 95% certain before they'll deny an advertiser. And I think there's a legitimate conversation about where do you set that bar? The first thought is 95% just seems very high." — Tom Uran [01:37]
- On legal risk vs. profits:
  - "They're making billions and billions of dollars, and that's likely greater than any fine we're going to get." — Tom Uran [02:33]
  - "The high legal risk ads was something like 7 billion a year and basically turning around and going—but anyone that sues us is going to be way less than that." — Amber Lee Jack [02:53]
- Australian Perspective (Andrew Forrest):
  - "...Meta admitted that they'd run 230,000 ads featuring Andrew Forrest's likeness." — Tom Uran [03:15]
- Algorithmic side effect:
  - "If you're shown a scam ad and you interact with it, you're more likely to be shown more scam ads, because that's the way algorithms work." — Tom Uran [04:18]
- Whistleblower comparison:
  - "Whoever gave these documents to Reuters feels a bit like [the whistleblower] in The Insider." — Tom Uran [05:26]
- Financial limits for tackling scams:
  - "There's a team responsible for trying to tamp it down, and their limit was something like, you cannot cost us more than $135 million in revenue out of a $16 billion problem." — Tom Uran [05:43]
Timestamps
- [00:04] Introduction, episode context
- [01:05] Meta's $16B scam-ad profits and financial incentives
- [02:33] Meta's internal threshold and legal risk calculus
- [03:15] Andrew Forrest case and machine learning shortcomings
- [04:18] Algorithmic amplification of scam exposure
- [05:26] Whistleblower parallels and Reuters impact
- [05:43] Meta's limited internal commitment to tackling scams
2. Broader Impacts and Reform Ideas
- Emotional Fallout
  - Real voices and lives affected: People whose likenesses were exploited received hurtful, confusing messages, with little recourse.
  - "Every single one of them was saying to me, I've had people messaging me saying your face told me to buy whatever product." — Amber Lee Jack [06:25]
- Reform Proposals
  - Former Meta employees propose that profits from scam ads be forfeited to support anti-fraud nonprofit work.
  - "If you just remove that [profit], it gives them an incentive just to... strike a better balance." — Tom Uran [07:39]
3. State-Backed Hackers and Supply Chain Attacks
Key Discussion Points
- Comparing Breach Responses
  - SolarWinds attack (2020): Russian SVR compromised thousands but targeted only ~100 follow-ups.
  - F5 attack: Presumed Chinese group gained similar access but seemed not to exploit it for a broader supply chain attack.
- Changing Norms and Hypotheses
  - After SolarWinds, several Chinese campaigns went “big” with mass exploitation (Exchange/SharePoint).
  - Speculation that F5 attackers’ skills, operational mandate, or the immediate value of access affected their choices.
Notable Quotes
- "If you're in the supply chain, if you're in something like F5, would you push out malware to everywhere?... It seems so far, not yet." — Tom Uran [10:47]
- "Things are bad, but not as bad as they could be." — Tom Uran [14:14]
Timestamps
- [08:33] SolarWinds vs. F5—and the evolving approaches of state hackers
- [11:51] Analysis of attacker motives, capabilities, and outcomes
4. UK Refuses to Share Caribbean Drug Smuggling Intel With the US
Key Discussion Points
- US Drug War Controversy
  - US military conducting deadly strikes on suspected drug smuggling boats in the Caribbean—legality is disputed.
  - The UK withholds intelligence to avoid complicity in potentially illegal US actions.
- Five Eyes Intelligence Dynamics
  - Historical context of intelligence-sharing rifts among allies (e.g., New Zealand booted from certain streams for years).
  - The UK's intelligence contribution is relatively minor, but the gesture is meaningful and principled.
Notable Quotes
- "It's not exactly symbolic, but it's making a stand on principle, which I think it's good to see." — Tom Uran [17:40]
Timestamps
- [14:34] UK’s refusal to share intelligence and the background
- [15:55] Five Eyes context, fallout risks, and principled stance
5. Final Thoughts
- Meta’s approach to scam advertising reveals institutionalized tolerance and profit from fraud, to the detriment of both users and impersonated public figures.
- State-backed cyberattacks show restraint—sometimes due to operational limitations—suggesting shifting norms but also latent risk.
- UK's intelligence stand highlights how democratic allies grapple with legality and ethics in international security collaboration.
For more analysis, check out the Seriously Risky Business newsletter at Risky Biz.
