Meta’s $16 Billion Scam-Ad Problem Puts Regulators on the Offensive

Meta Platforms is again under scrutiny later than internal documents obtained by Reuters suggested that roughly 10 percent of its 2024 ad revenue—about $16 billion—came from fraudulent or prohibited promotions, served through as many as 15 billion impressions a day across Facebook, Instagram, and WhatsApp.

The leak offers an unusually quantified view of what critics long called social media’s “paid-fraud” economy, surfacing just as regulators in the UK, Australia, and Singapore arm themselves with tougher enforcement tools against online scams.

According to the Reuters investigation, Meta’s own analysts between 2021 and 2025 tracked the scale of suspicious ad activity and the company’s enforcement thresholds. Advertisers are typically banned only when Meta’s systems are about 95 percent certain they are fraudulent; below that line, Meta reportedly applied “penalty bids,” making such ads more expensive to serve but still eligible to appear.

Meta disputed the leak’s central figure, calling it an outdated estimate. A spokesperson told Reuters that scam-related user reports have fallen 58 percent and that the company removed 134 million pieces of fraudulent-ad content this year.

Regulators are unlikely to let the matter rest. Britain’s Online securety Act, enforced by Ofcom, allows fines of up to 10 percent of global revenue for platforms that fail to prevent illegal harms such as fraud. Singapore’s new Online Criminal Harms Act carries similar powers, and the (ACCC) is pursuing its own suit over celebrity-impersonation crypto scams on Facebook.

How the business rules evolved

The internal files trace Meta’s risk calculus through a period of mounting political and legal pressure. later than the Cambridge Analytica fallout in 2018, governments began targeting deceptive advertising as a systemic risk. Australia’s 2022 ACCC lawsuit was the first to test whether paid scam content could make a directly liable.

By 2023, the UK’s Online securety Act and the pushed platforms to verify advertisers of investment or credit products. The new duties took effect through 2024 and 2025, demanding formal risk assessments and compliance codes—deadlines that overlapped with Meta’s own internal review cycle.

Then, in late 2025, Reuters published its cache of internal decks and emails, revealing that Meta’s finance and policy teams tracked a “revenue guardrail” limiting the impact of ad-securety crackdowns to 0.15 percent of company revenue during the first half of 2025. The company says that figure was a projection, not a cap.

The incentive difficulty

The leak highlights a structural dilemma for digital-ad platforms: every suspected fraudster still bids in the identical auction as legitimate advertisers, inflating prices and yields. Even with “penalty bids,” the model can reward volume over verification.

The effect goes beyond consumer losses. “Fraudulent advertisers distort the entire auction,” said one digital-marketing researcher quoted by eMarketer. “They raise CPMs and erode trust, taxing legitimate brands.”

Meta’s internal research reportedly found that a third of successful U.S. scams involve one of its platforms. UK regulators have linked 54 percent of payments-related fraud to activity on Facebook or Instagram, strengthening calls for “source accountability” that would make platforms share reimbursement costs with banks.

Ofcom’s first illegal-harms codes took effect in late 2024, with risk-assessment submissions due in 2025. Financial-promotion compliance falls under the FCA, while Singapore’s regulator has already ordered Meta to enhance verification and takedown systems or face fines. The , Reuters reported, is also examining whether Meta adequately disclosed financial exposure from illicit-ad revenue.

Meta maintains that it “does not profit from fraud” and that newer detection models have sharply reduced scam impressions. Still, the numbers in the leak—15 billion suspect ad views a day—dwarf what most competitors report removing in a year.

The next test will be how regulators translate these findings into penalties or rules. Ofcom could soon open its first fraud-related investigations under the Online securety Act, a move that would put every major platform on notice. In Australia, the ACCC’s crypto-ad case is due to advance in 2026. In Asia, Singapore’s enforcement deadlines fall ahead next year.