#52: South Korean celebrities lose millions, Meta political scams, Baltimore caught in vendor fraud scheme

Every platform is under pressure. From media giants letting deepfakes run wild to public institutions still struggling with basic verification, fraud is thriving where trust is assumed and safety is underbuilt. This week’s stories show what happens when the system doesn’t think like a scammer.

Let’s get into it.

NATE'S TAKE - OCTOBER 7, 2025

Top Three This Week

1. Fraud Doesn’t Care Who You Are
2. Deepfake Scammers Are Running Political Ads on Meta
3. $800K Lost in a Government Payment Scam

1. Fraud Doesn’t Care Who You Are

In South Korea, some of the country’s most well-known entertainers are speaking out about the growing sophistication of scams and the financial devastation they’re causing. One celebrity lost $213,000 in a phishing attack. Another had their account drained overnight while fraudsters used their phone to rack up card charges. A third fell victim to a refund scam disguised as a routine second-hand sale.

This wave of phishing isn’t random. Scammers are using current events, like a government data center fire, to create believable lures and impersonate official systems. They're combining voice phishing, app-based malware, and stolen personal details to increase their hit rate.

Fraud teams should take note: these tactics don’t just work on the uninformed. They’re designed to exploit human behavior (urgency, social proof, and authority) regardless of status or technical literacy. Investigate how your platforms handle user prompts, confirmations, and redirects. If you’re not intercepting behavior anomalies or monitoring device-level access changes, you’re one link away from becoming the next case study.

2. Deepfake Scammers Are Running Political Ads on Meta

A new report from the Tech Transparency Project shows scammers spent $49 million on political ads across Facebook and Instagram, using deepfake videos of U.S. politicians to push fake stimulus offers and government payout scams. These weren’t one-offs. Some of these ad accounts ran for months, spent millions, and targeted older users across more than 20 states.

Meta’s failure to catch these early or keep them down after takedown isn’t just an ad policy problem. It’s an identity and content integrity issue. The fact that scammers passed Meta’s political advertiser verification process with fake IDs and U.S. addresses speaks volumes about how easy it is to game self-serve verification.

If your platform accepts paid content, supports user-uploaded media, or serves vulnerable populations, now’s the time to rethink moderation. Deepfake scams are designed to appear legitimate at a glance. Your systems need to verify identity and intent, and flag content that’s not just false, but behaviorally abnormal. Don’t wait until the fraud hits the front page.

3. $800K Lost in a Government Payment Scam

Baltimore lost over $800,000 after a fraudster successfully changed a city vendor’s banking details in Workday. The attacker used a personal email, forged documents, and exploited weak verification processes to reroute two payments before the scam was caught.

This is vendor impersonation 101, and it still works, especially in public sector orgs where process gaps, policy lags, and shifting departments create opportunity.

The real kicker is this wasn’t the first time. The same city had been warned about similar vulnerabilities in 2020 and 2022. Fraud isn’t a one-time risk, it’s a system failure that repeats until mitigated. Basic controls like callback verification, approval restrictions, and geo-monitoring weren’t in place. And even after detecting the fraud, it took an external investigation to ensure law enforcement got involved.

For fraud fighters in large orgs: if fraud has already happened once, it’s coming back. Review old cases. Test your process against known attack paths. And don’t assume one fix is enough.

===

That’s all for this week! For more insights, follow us on LinkedIn or X, and if you want to learn more about what we do, visit www.specprotected.com.

‍