#57: Meta Profiting from Fraud, Fake Travel Sites, Job Scams are Surging

This week’s stories expose the uncomfortable truth that the social, commerce, and hiring platforms we rely on are increasingly profiting from or enabling fraud.

Let’s get into it.

NATE'S TAKE - NOVEMBER 18, 2025

Top Three This Week

1. Meta’s Fraud Problem Is Built In
2. Fake Travel Sites Target Tourists with Sophisticated Phishing Infrastructure
3. Job Scams Are Surging and Platforms Are Enabling Them

1. Meta’s Fraud Problem Is Built In

New internal documents show Meta knowingly profits from scam ads, even while publicly touting its crackdown. Reuters reports that the company projected it would earn 10% of its 2024 revenue (roughly $16 billion) from advertising scams, banned goods, and fraudulent content across Facebook, Instagram, and WhatsApp. Meta’s own estimates say it delivers 15 billion scam ads and 22 billion organic scam exposures every day.

Rather than remove fraudsters, Meta sometimes charges them higher ad rates in hopes of discouraging future abuse. Meanwhile, victims struggle to get help. The documents reveal a safety system focused more on preserving revenue than protecting users, with internal caps on how much ad revenue enforcement teams were allowed to disrupt.

Fraud mitigation can’t depend on platform policing alone. Even at global scale, enforcement is often reactive, under-resourced, and revenue-sensitive. Teams need to invest in their own defenses that don’t rely on signals from Meta, and tools that let them validate user intent and integrity before it reaches the checkout or inbox.

2. Fake Travel Sites Target Tourists with Sophisticated Phishing Infrastructure

A Russian-speaking threat group has registered over 4,300 fake travel domains in 2025 alone, targeting hotel guests with phishing emails designed to steal payment information. These sites mimic popular brands like Booking.com, Expedia, and Airbnb, and customize the experience with logos, fake CAPTCHA pages, and payment flows localized in 43 languages.

The campaign’s automation is key: once a victim lands on the page, tracking cookies ensure the phishing kit consistently displays the same brand and hotel across all interactions. Many pages even fake 3D Secure flows and offer bogus live support. Researchers confirmed ties between this activity and a similar campaign flagged by French authorities, indicating a broader fraud-as-a-service ecosystem focused on travel and hospitality sectors.

This surge in phishing is a warning to platforms and payment providers: scams are now end-to-end user flows. Fraud teams must monitor traffic for impersonation patterns, flag first-party checkout abuse, and collaborate across regions to proactively dismantle spoofing infrastructure before money moves.

3. Job Scams Are Surging and Platforms Are Enabling Them

A new episode of Stolen with prosecutor Erin West exposes just how widespread and sophisticated job scams have become. Fraudsters are exploiting weak verification standards across platforms like LinkedIn, Fiverr, Pinterest, and WhatsApp to impersonate recruiters, post fake jobs, and harvest resumes and personal information.

The tactics include hijacking dormant profiles, spoofing real companies, manipulating engagement metrics to appear legitimate, and luring job seekers into money mule roles under the guise of data entry or shipping work. Even resume “help” services are a front: some scammers pose as LinkedIn profile optimizers, ask for login credentials, and take over accounts completely.

These aren’t isolated attacks; they’re signs of a broken ecosystem. For fraud fighters, this is a growing blind spot. Verifying company pages, monitoring unusual hiring activity, and flagging identity misuse must become part of the fraud stack. Platforms that rely on user-generated content and job listings are being turned into marketplaces for credential theft and financial crime. Until trust signals are real, the fraud risk will only grow.

===

That’s all for this week! For more insights, follow us on LinkedIn or X, and if you want to learn more about what we do, visit www.specprotected.com.

‍