Report an incident
Back
  • About us
  • News
  • For experts
Report an incident
About us
About our team Contact
Baza wiedzy
Fałszywe inwestycje Uważaj na fałszywe sklepy online (Nie)bezpieczne płatności Fałszywi konsultanci Zadbaj o bezpieczne hasła i logowanie Fałszywe załączniki w mailach Fałszywe prośby o szybki przelew Fałszywe SMSy - plaga ostatnich miesięcy
Biuletyn OUCH!
Porady bezpieczeństwa OUCH!
Projects
n6 Artemis MWDB
CVD program
CVD policy Advisories

CERT Polska expectations from Meta regarding the problem of fraud on its social media platforms
05 December 2024 | CERT Polska | #facebook, #meta, #advertisements, #scam

On November 25, an analysis was published on the CERT Polska's website, which comprehensively shows how fraudsters use social media to target users in Poland. A link to the article was also posted on the Facebook platform. However, within a short time from publication, the material was removed. Other articles prepared by media outlets that decided to pick up on CERT Polska's publication suffered a similar fate. Although the material has now been republished, and sharing the link leading to it is now possible, the cybersecurity challenges have not disappeared.

Based on observations of fraudsters' activities on Meta-owned platforms, CERT Polska is calling for solutions that will help reduce the amount of harmful content. Among the most important changes that will improve user security are:

• More efficient detection of harmful content, also in Polish

Over the past few months, we detected thousands of malicious ads and posts. The content, prepared by scammers, was usually available for several hours at a time, making it easy to reach a potential victim.

We expect Meta to present a plan for implementing an effective detection solution for harmful content in Polish. We declare our readiness to participate in a workgroup, where we will provide examples of the content we identify.

• Employing Polish-speaking moderators

The problem is not only unsatisfactory fraud detection times. As we described in article on scams, reporting of obviously malicious content by users often ends in a lack of response. Scams reported by us or our partners also suffer a similar fate. This demonstrates the insufficient number of Polish-speaking moderators.

We therefore look forward to expanding the team of Polish-speaking moderators to take full advantage of and appreciate the involvement of partners and users who report fraud.

• Blocking users

Sometimes, thanks to the reporter's determination, the removal of harmful content is achieved. However, this cannot be considered a complete success. This is because usually the account that posted the malicious ad or post continues to function and continues its activities by publishing exactly the same content.

We expect to block users whose ads and posts have been marked as fraudulent several times.

• Integration with quality data sources

Stand-alone monitoring conducted by Meta does not offer the prospect of successfully combating fraud around the world. The best solution is to look for partners with knowledge and expertise, as well as awareness of the local cultural and economic context. Knowledge and data can be exchanged with such partners, in order to better ensure user security.

CERT Polska comprehensively hunts for threats in Polish cyberspace and provides trusted data sources such as Warning List, which is a collection of domains rated as malicious. Each domain is verified by CERT Polska's analysts before being added to the List. Thanks to this, we have virtually eliminated the risk of wrongly blocking a domain. The current content of the Warning List is always publicly available. Since September 2023, the List has been operating under the Law on Combating Abuse in Electronic Communications. Pursuant to Article 20(3) of this Law, we place Internet domains on the List that have as their primary purpose the misleading of Internet users.

We expect Meta to start using Warning Lists and other data sources from local partners that specialize in finding threats in a particular market to improve filtering of malicious external links appearing on their platforms.

• Putting Ad Library in order

Meta provides Ad Library that allows teams such as CERT Poland to search for ads and related sites created by criminal groups. This is a very important mechanism for ensuring the transparency of ad networks and the content they distribute. Unfortunately, the Ad Library does not always provide up to date content presented to users, which is related to the abuse of the ad creator function, e.g.: to create multiple versions of a single ad, publish long videos cheating filters or by displaying a different link to the real one. We have also noticed a delay in publishing changed ads in the Ad Library relative to the content displayed to users, making it difficult to search for current threats.

We expect to improve the transparency and timeliness of the ad library to prevent its functionality from being abused to circumvent the verification mechanisms used by Meta.

Summary

All of the above-mentioned problems affect not only Polish users, they have also been observed in other countries. For this reason, we cannot accept the arguments about the inability to adapt to local markets that are raised by companies operating on a global scale. Resolving the above issues will improve the security of all users, not just Poles, because cyber security challenges are, after all, global.

The above expectations for improving user safety were communicated to Meta representatives.

Share: