Facebook often seems to favor advertisers, even at the expense of user safety, with inadequate support for victims of malicious ads.

From the evidence so far, it seems Facebook favors advertisers over users, even in cases where ads containing spammy links harm the user.

We recognize Facebook as a highly popular social network. However, META and its services fail to provide adequate support and solutions for users in need.

As Facebook has grown and succeeded, arrogance seems to have grown alongside it. We’ve witnessed an alarming level of irresponsibility and outright neglect toward users. In countries with weak legal systems, you’re left to fend for yourself as a victim, with no recourse.

Recently, numerous reports have emerged about website links on Facebook that redirect users to apps aggressively attacking their devices, compromising both security and privacy.

Here’s a real-life example based on verified facts:

  1. Facebook displays a video ad promoting an AI app sponsored by dubious actors.
  2. A Facebook user, intrigued by the ad, clicks on it, downloads the app, and begins installation (on a regularly updated Windows 10 PC).
  3. Before the installation completes, the app initiates an aggressive attack, stealing sensitive data and passwords.
  4. The attack targets data stored in Google Chrome, bypassing Windows Security.
  5. Realizing the situation, the user disconnects the internet and spends seven hours trying to mitigate the damage. However, significant harm has already been done.
  6. The user reports the ad to Facebook, initiating a frustrating series of events.
  7. Facebook responds days later with its usual dismissive tone: “We didn’t remove the ad” and a vague explanation, followed by: “If you disagree with the decision not to take the ad down, you can request a review.”
  8. The user submits the report again, receiving the same response four times.
  9. Meanwhile, the attackers have gained access to the user’s Facebook account and use it to create an Instagram account.
  10. Facebook suspends the user’s account, claiming: “Your Facebook account was suspended because your Instagram account (‘unknown username’) doesn’t follow our rules. Log into your Instagram account to appeal our decision.”
  11. The user, who has no knowledge of this Instagram account, is left locked out of their Facebook account. Attempts to resolve the issue via Instagram lead to a confusing maze of options with no clear solution.

This scenario has happened to many others, raising concerns about the extent of damage attackers can inflict during the period of access. Meanwhile, the malicious websites, apps, and ads that caused the attack remain active.

Note: Photos illustrating the case are available below. Some details have been blurred to protect the user’s privacy.

 

FB ad promoting an fake AI app Facebook ad reported 4 times. Facebook ignores reported spam Facebook causes confusion.

 

The Facebook page and website shown in the image above have used various methods to mask their actions and avoid penalties in case of reporting. They have changed names multiple times on Facebook. There were two different domains involved: one with a [.com] extension and another with a [.org] extension. They also used various subdomains such as “get.” and “ai.” According to reports, the spam application was hosted on both websites, particularly on the [.org] version.

 

spam ad in google search results

Unfortunately, later we dictated that this ad is also advertised in  Google Search. This is really harmful and quite discouraging.

 

What You Can Do to Protect Yourself

Although Facebook shows little accountability, there are steps you can take to safeguard your accounts and devices:

  • Use a phone number as a backup for account recovery.
  • Secure your email with a strong password, enable two-factor authentication, and link it to a recovery phone number.
  • Apply the same measures to your social media accounts.
  • If you change your phone number, keep the old one active until all your accounts are securely updated.

To ensure your security:

  • Treat your phone number, Google Account (on Android), Microsoft Account (on Windows), and Apple ID (on iOS/macOS) as the foundation of your digital security. Avoid making changes to these without first securing your dependent accounts, such as social media accounts.

Enjoy the internet, but exercise caution. With proper care, you can minimize risks and avoid falling victim to abuse or negligence.

We hope to provide more engaging and informative content in future articles.