CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Meta Enhances Scam Protection for Messenger and WhatsApp

First reported
Last updated
3 unique sources, 4 articles

Summary

Hide ▲

Meta has introduced new tools to protect users of Messenger and WhatsApp from scams. The tools include warnings for screen sharing during video calls on WhatsApp, a scam detection feature on Messenger, and a new security feature to help users spot potential scams when being added to a group chat by unknown contacts. Meta also reported actions taken against fraudulent accounts and scam centers. Meta's efforts are part of ongoing measures to combat scams, including romance baiting schemes operated by cybercrime syndicates in Southeast Asia. These scams often involve psychological manipulation and financial fraud. In 2025, Meta removed over 159 million scam ads and took down over 10.9 million accounts on Facebook and Instagram linked to criminal scam operations. Meta also participated in a global law enforcement operation that led to the arrest of 21 suspects and the shutdown of more than 150,000 accounts linked to scam networks in Southeast Asia. Meta collaborated with the FBI, the DOJ Scam Center Strike Force, and Thai police to disrupt scam centers in Southeast Asia. The operation targeted scam centers that targeted users in the US, UK, and the APAC region. Thai Police arrested 21 suspects and Meta shut down more than 150,000 accounts linked to the scam centers. In a similar operation conducted in December, Meta removed 59,000 accounts, pages, and groups across its platforms.

Timeline

  1. 11.03.2026 15:29 2 articles · 1d ago

    Meta Removes 159 Million Scam Ads and 10.9 Million Accounts in 2025

    In 2025, Meta removed over 159 million scam ads and took down over 10.9 million accounts on Facebook and Instagram linked to criminal scam operations. Meta also participated in a global law enforcement operation that led to the arrest of 21 suspects and the shutdown of more than 150,000 accounts linked to scam networks in Southeast Asia. Meta collaborated with the FBI, the DOJ Scam Center Strike Force, and Thai police to disrupt scam centers in Southeast Asia. The operation targeted scam centers that targeted users in the US, UK, and the APAC region. Thai Police arrested 21 suspects and Meta shut down more than 150,000 accounts linked to the scam centers. In a similar operation conducted in December, Meta removed 59,000 accounts, pages, and groups across its platforms.

    Show sources
    Open in new tab
  2. 21.10.2025 18:03 4 articles · 4mo ago

    Meta Introduces Scam Protection Tools for Messenger and WhatsApp

    Meta has introduced advanced scam-detection for suspicious chats on Messenger, alerting users to potentially scammy messages and suggesting actions like blocking or reporting the sender. Users can send recent messages for AI scam review to check for signs of a scam. The scam detection feature on Messenger is enabled by default but can be disabled via "Privacy & safety settings." Meta has also added a new security feature in WhatsApp to help users spot potential scams when being added to a group chat by unknown contacts, displaying a "safety overview" context card. WhatsApp notifies users when they are contacted by someone outside their contact list, providing context information about the person they are messaging. WhatsApp now alerts users when behavioral signals suggest a device-linking request may be fraudulent. Meta is testing warnings that flag suspicious friend requests on Facebook based on signals such as a small number of mutual connections or a profile location that doesn't match the user's region. Meta's anti-scam detection feature on Messenger will expand to more countries, identifying patterns consistent with common schemes like fake job offers and giving users the option to submit suspicious chats for an AI review. Meta has rolled out AI systems that analyze text, images, and contextual signals to identify celebrity impersonation, brand spoofing, and deceptive links used by threat actors. Meta introduced a feature to warn WhatsApp users of potentially malicious device-linking attempts. Meta unveiled a feature to alert Facebook users to suspicious friend requests based on indicators such as a lack of mutual friends, a recently created profile, and location differences.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Meta Disables 150K Accounts Linked to Southeast Asian Scam Centers

Meta has disabled over 150,000 accounts linked to scam centers in Southeast Asia, in collaboration with authorities from multiple countries. This action follows a pilot initiative in December 2025 and includes new tools to detect and prevent scams. The U.K. government has also launched an Online Crime Centre to combat cybercrime, including scam operations across various regions. The coordinated effort resulted in 21 arrests by the Royal Thai Police. Meta highlighted the sophistication and industrialization of online scams, which often operate as full-scale business operations in countries like Cambodia, Myanmar, and Laos. The company introduced new tools to warn users about suspicious activities on Facebook, WhatsApp, and Messenger. In 2025, Meta removed 159 million scam ads and 10.9 million accounts associated with criminal scam centers. The U.K.'s new Online Crime Centre aims to disrupt scam operations using AI and specialized teams.

Open in new tab

Vishing Attacks Target Okta SSO Accounts for Data Theft

Threat actors are using vishing attacks to steal Okta SSO credentials, bypassing MFA and gaining access to enterprise cloud services. The attacks involve real-time manipulation of phishing pages and social engineering to trick employees into revealing their credentials and MFA codes. Once access is gained, attackers exfiltrate data from integrated platforms like Salesforce and demand extortion payments. The phishing kits used in these attacks are sold as a service and are actively employed by multiple hacking groups targeting identity providers and cryptocurrency platforms. Okta recommends using phishing-resistant MFA methods to mitigate these threats. Attackers use Telegram channels to receive stolen credentials and adapt their campaign based on the MFA or authentication solution the target is using. Phishing kits allow attackers to generate fake MFA notifications to bypass MFA protections.

Open in new tab

Phishing Campaign Targets Ad Manager Accounts via Fake Calendly Invites

A sophisticated phishing campaign impersonates top brands like Unilever, Disney, and MasterCard using fake Calendly invites to steal Google Workspace and Facebook Business account credentials. The campaign, discovered by Push Security, targets ad manager accounts to launch malvertising, AiTM phishing, and malware distribution campaigns. Access to these accounts allows threat actors to execute geo-targeted attacks and potentially resell compromised accounts for monetization. The phishing emails, crafted using AI tools, impersonate legitimate recruiters and direct victims to fake Calendly landing pages with CAPTCHA and AiTM phishing pages. The campaign employs anti-analysis mechanisms and Browser-in-the-Browser (BitB) attacks to enhance its effectiveness. Push Security identified 31 unique URLs and additional variants targeting both Google and Facebook credentials. Simultaneously, a malvertising campaign targets Google Ads Manager accounts through malicious sponsored ads.

Open in new tab

FBI Warns of $262M Stolen in Account Takeover Fraud Schemes

Since January 2025, cybercriminals impersonating bank support teams have stolen over $262 million through account takeover (ATO) fraud schemes. The FBI's Internet Crime Complaint Center (IC3) has received over 5,100 complaints, affecting individuals and businesses across various sectors. Criminals gain unauthorized access to online financial accounts using social engineering techniques or fraudulent websites. Once in control, they wire funds to crypto wallets and often change account passwords, making recovery difficult. The FBI advises monitoring financial accounts, using strong passwords, enabling MFA, and avoiding search results for banking websites. Victims are urged to contact their financial institutions immediately and file complaints with the IC3. Recent reports highlight the growing use of AI-powered phishing campaigns, SEO poisoning, and exploitation of e-commerce vulnerabilities, particularly ahead of the holiday season. Additionally, purchase scams and mobile phishing (mishing) sites have seen a significant increase, leveraging trusted brand names to deceive users. The U.S. Justice Department (DoJ) has seized the fraud domain web3adspanels[.]org, which was used to host and manipulate illegally harvested bank login credentials. The scheme targeted 19 victims across the U.S., including two companies in the Northern District of Georgia, with attempted losses of approximately $28 million and actual losses of approximately $14.6 million. The confiscated domain stored the stolen login credentials of thousands of victims and hosted a backend server to facilitate takeover fraud as recently as November 2025. The FBI and Estonian law enforcement collaborated in this seizure, and the domain now displays a law enforcement banner indicating it is under the control of authorities. No arrests have been made yet, but the investigation may reveal clues leading to the operators.

Open in new tab

Active Spyware Campaigns Targeting High-Value Signal and WhatsApp Users

Germany's Federal Office for the Protection of the Constitution (BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying out phishing attacks over the Signal messaging app. The focus is on high-ranking targets in politics, the military, and diplomacy, as well as investigative journalists in Germany and Europe. Unauthorized access to messenger accounts not only allows access to confidential private communications but also potentially compromises entire networks. The campaign involves threat actors masquerading as 'Signal Support' or a support chatbot named 'Signal Security ChatBot' to initiate direct contact with prospective targets, urging them to provide a PIN or verification code received via SMS, or risk facing data loss. Should the victim comply, the attackers can register the account and gain access to the victim's profile, settings, contacts, and block list through a device and mobile phone number under their control. There also exists an alternative infection sequence that takes advantage of the device linking option to trick victims into scanning a QR code, thereby granting the attackers access to the victim's account, including their messages for the last 45 days, on a device managed by them. The security authorities warned that while the current focus of the campaign appears to be Signal, the attack can also be extended to WhatsApp since it also incorporates similar device linking and PIN features as part of two-step verification. Similar attacks have been orchestrated by multiple Russia-aligned threat clusters tracked as Star Blizzard, UNC5792 (aka UAC-0195), and UNC4221 (aka UAC-0185). Dutch intelligence agencies have confirmed that Russian state-sponsored hackers are targeting government officials, military personnel, and journalists via Signal and WhatsApp phishing campaigns. The campaign is described as large-scale and focuses on hacking individual Signal and WhatsApp accounts to access sensitive information. MIVD director, vice-admiral Peter Reesink, warned against using Signal and WhatsApp for classified, confidential, or sensitive information due to the ongoing campaign. The attacks involve impersonating a 'Signal Support chatbot' in unsolicited messages, requesting SMS verification codes or Signal PINs. Signal has clarified that it will never initiate contact via in-app messages, SMS, or social media to ask for verification codes or PINs. Another attack method involves persuading victims to scan a QR code or click on a link, exploiting the 'linked devices' function in Signal and WhatsApp. AIVD and MIVD provided guidelines to help users identify and mitigate account hijacking attempts, including checking for duplicate contacts in group chats and monitoring display name changes.

Open in new tab