Ad fraud on large online platforms

CERT Polska documents an escalating campaign where fraudsters exploit advertising services on major platforms (Meta, Google) to distribute fake investment schemes, medical product scams, charity frauds and erotic-content ads; attackers use celebrity imagery, fake reviews and deepfakes to build credibility and social-engineering lures. The report explains technical evasion TTPs—especially cloaking via User-Agent/Referer/IP checks, multiple ad versions, and misleading displayed domains—shows large operational scale (tens of thousands of domains blocked, hundreds of ads reported daily), evidences significant financial losses to victims, and highlights slow or ineffective platform remediation and transparency gaps in ad libraries.