Fraudulent ads are an ongoing problem for social media platforms, but crackdowns can be difficult. However, Facebook announced it’s escalated one of those battles to a lawsuit.
On Thursday, the social network announced legal action against China-based ILikeAd Media International Company, as well as a marketer and developer working for the firm, over malware created to compromise user accounts and using them to run ads on the platform.
These ads—which would sometimes use fake celebrity endorsements to prompt clicks—prompted Facebook users to buy products from websites that blatantly violate the platform’s ad policies. Ultimately, the ads passed review by disguising their ultimate destinations, a fraud tactic known as cloaking.
In a Twitter post, Facebook’s director of product Rob Leathern said the company is “working to protect Facebook users and create real world consequences for people who abuse our ads platform.”
“Facebook will continue to take strong steps to protect people and disrupt these schemes,” he added, “including through legal action for scammers who try to get around our ad review systems.”
Cloaked ads, like the name implies, are engineered to redirect to different landing pages depending on who’s clicking on them. In Facebook’s case, a bad actor could set up an ad that will redirect Facebook’s operators—and all other ad networks—to a particular destination that fully abides by the platform’s policies. At the same time, a click coming from an IP address belonging to a regular internet browser would lead to a destination that might include anything from fake diet pills to pornography.
Though the company has been taking steps to crack down on cloaking since 2017, the defendants named in this latest lawsuit—Chen Xiao Cong and Huang Tao—were caught running cloaked ads until at least this past August, per the lawsuit. Facebook has paid more than $4 million so far to reimburse any media buys made by the compromised accounts, according to the company.
This is the latest leg of Facebook’s fight against fraud, following a suit filed in August against two developers who were caught using a fraud technique known as click injection to artificially inflate the number of times Facebook’s ads appeared on their apps.
A Facebook spokesperson did not immediately respond to a request for comment.