Scammers are finding loopholes in restrictions brought in by Google and Meta to combat fake celebrity scam ads and experts warn they will be hard to stop while Australia remains a lucrative target for cybercriminals.
On Monday Meta announced it would require businesses targeting financial advertising at Australians to verify themselves, including through the Australian Securities Investment Commission, to check they hold an Australian financial services licence.
This came after increased pressure for tech companies to tackle the scourge of celebrity investment scams and other fraud taking place on their services, and before the federal government legislating framework that will force the tech companies to verify advertisers.
Google implemented a similar change in 2022 and there has been a marked downward trend in the number of reported losses from scams, from a peak of $53m and more than 25,000 reports in the month of May 2023.
But as of September 2024, the National Anti-Scams Centre still recorded $16m in losses from scams from more than 16,000 reports, with nearly half of the reports stating they had been scammed on social media.
Ads featuring investment scams, including celebrity investment scams, can still be seen on sites using Google’s ads, albeit less frequently than at the peak.
The company has said in 2023 it suspended 12.7m advertiser accounts – nearly double the previous year – and blocked or removed more than 5.5bn ads, including more than 273m for violating the company’s financial services policies.
Google said bad actors operating with more sophistication and at a greater scale were changing their tactics in an attempt to evade detection. This included impersonating genuine licence holders or using text manipulation to circumvent automatic detection.
The scammers also used cloaking to show Google’s ad reviewers and systems different ad content than they showed users, meaning the company had to keep developing its own detection strategies.
An RMIT cybersecurity professor, Asha Rao, said nothing would be 100% effective in deterring scammers but that the efforts of Google and Meta would reduce the flow. Rao said it was possible that scammers were finding loopholes.
Chester Wisniewski, the global field chief technology officer for the cybersecurity firm Sophos, said cybercriminals would always learn to how to evade capture.
“Cybercriminals are making millions of dollars and will continue to evolve tactics to bypass detection schemes – evident with Google’s previous shortcomings at cracking down on scams,” Wisniewski said.
He said he hoped Meta and Google’s actions would be the first of many.
“There is no silver bullet to stop scams on the internet, and while companies have a big responsibility to protect Australians, individuals should also exercise constant vigilance to be their own best protector online.”
Rafe Berding, a spokesperson for the cybersecurity firm AUCyber, said Australia would always be a lucrative market for scammers and it wasn’t solely up to the platforms to change that.
“The maturity of our technology [and] the wealth of our nation will always dictate that we will be one of the most scammed countries in the world,” he said.
“That is the reality, and it is a whole community effort through education, through legislation, through governance, that we can try and really stop it.”
