Meta Under Fire for Hosting Fake News Ads Linked to Cybercrime in Indonesia

A disturbing trend of deceptive advertisements masquerading as legitimate news articles on Meta’s platforms has sparked alarm in Indonesia, with cybersecurity experts warning of potential cybercrime risks ranging from misinformation to financial fraud. The latest incident, uncovered by The Jakarta Post, revealed a clone website mimicking the outlet’s branding, complete with a fabricated story about President Prabowo Subianto, linked to an ad on Facebook. As digital literacy remains a challenge in the region, such scams threaten to exploit unsuspecting users and tarnish the credibility of trusted media.

The , which surfaced on Meta’s platforms including Facebook, Instagram, and Messenger since early March 2025, featured a sensationalist headline claiming a “tragic end” for President Subianto, alongside an image of him with a bruised eye. Clicking the ad directed users to a near-identical replica of The Jakarta Post’s website, hosted under a suspicious domain, jobdady.com. While the outlet refrained from exploring the site further due to malware concerns, experts suggest the ultimate goal was to lure users into a fraudulent cryptocurrency trading scheme, complete with fake endorsements from Indonesian public figures.

This is not an isolated case. Similar ads impersonating other reputable outlets, such as the New York Post, Wall Street Journal, and local platforms like detik.com and Tribunnews, have also appeared on Meta’s platforms, some dating back to December 2024. Despite being flagged for impersonation, many of these ads remain active, raising questions about Meta’s oversight and responsiveness. The Jakarta Post reported that their complaints to Meta went unanswered, even as the offending ad briefly disappeared before resurfacing.

A Gateway to Cybercrime

Cybersecurity experts have identified these ads as part of a broader strategy known as “typosquatting,” where malicious actors register domains closely resembling legitimate ones to deceive users. Pratama Persadha, chairman of the Communication and Information System Security Research Center (CISSReC), explained that such tactics often lead to spear phishing—a targeted cyberattack designed to extract sensitive information or install malware. “The potential harm isn’t just misinformation,” Pratama told The Jakarta Post. “It’s also about tricking users into sharing personal data that can be exploited for financial crimes.”

In the case of the fake Jakarta Post site, the linked content included a fabricated “deleted interview” with President Subianto, urging readers to invest in a dubious cryptotrading platform. The platform itself was another clone, hosted under the same jobdady.com domain, featuring fictitious testimonials from prominent Indonesian figures like Raffi Ahmad and Deddy Corbuzier. IBM Asia Pacific’s field chief technology officer, Kaylan Madala, noted that such scams exploit the traffic of well-known websites to manipulate victims through fake narratives. “Fraudsters are always looking for easy money online,” Madala warned, highlighting the use of social engineering to deceive users across multiple communication channels.

The risks are particularly acute in Indonesia, where digital literacy levels remain low compared to more developed markets. Pratama pointed out that the allure of sensationalist content often overrides caution, making users in developing countries prime targets for cyberattacks. Even when the end destination appears benign—such as an ad impersonating detik.com redirecting to a legitimate subdomain after passing through a suspicious intermediary—clicks can still generate revenue for scammers through ad-based fees.

Meta’s Role and Responsibility

Meta’s apparent inaction has drawn sharp criticism. The company’s Ad Library, a public database of advertisements on its platforms, revealed that the offending ad targeting The Jakarta Post was posted by an entity claiming to be an advertising agency called Raleigh Wolff, purportedly based in Ukraine. Despite being reported, the ad persisted on Meta’s platforms as of mid-March 2025. This isn’t the first time Meta has faced scrutiny over its ad moderation practices, but the stakes are higher when fake news ads serve as entry points for cybercrime.

The proliferation of such content also poses a reputational risk to legitimate media outlets. As Pratama noted, some users may mistakenly believe the fake stories are authentic, eroding trust in established news sources. For The Jakarta Post, the impersonation is not just a technical issue but a direct threat to its credibility. Similar ads impersonating international outlets like the Wall Street Journal with fabricated stories about British royalty further illustrate the global scope of the problem, though not all lead to overt financial scams.

Broader Implications for Digital Safety

The issue extends beyond individual scams to highlight systemic vulnerabilities in digital ecosystems. Indonesia, like many countries in South East Asia, is rapidly expanding its digital footprint, with millions of new internet users coming online each year. Yet, this growth outpaces efforts to educate users on identifying online threats. The Indonesian government has made strides in combating cybercrime through laws like the Electronic Information and Transactions Law, but enforcement often lags behind the ingenuity of fraudsters.

Moreover, the responsibility doesn’t lie solely with users or regulators. Tech giants like Meta, which profit from advertising revenue, must bear accountability for the content they host. The persistence of fake news ads, even after being flagged, suggests gaps in automated moderation systems and human oversight. If left unchecked, these gaps could embolden cybercriminals to scale their operations, targeting not just individuals but also political and economic systems through disinformation campaigns.

Speculative concerns also arise about the potential misuse of such tactics during critical periods, such as elections. If fake news ads can convincingly impersonate trusted media to promote fraudulent investments, they could equally be weaponised to sway public opinion or incite unrest. While no evidence currently suggests this specific campaign has political motives, the precedent it sets is troubling, especially in a country with a history of political turbulence like Indonesia.

A Call for Action

Addressing this issue requires a multi-pronged approach. First, Meta must enhance its ad vetting processes, prioritising rapid response to reports of impersonation and fraud. Transparency in how ads are approved and by whom would also help identify bad actors exploiting the system. Second, public awareness campaigns on digital literacy are crucial, particularly in regions vulnerable to online scams. Teaching users to scrutinise URLs, verify sources, and avoid sensationalist clickbait could mitigate the impact of such schemes.

Finally, collaboration between governments, tech companies, and cybersecurity experts is essential to stay ahead of evolving threats. While Indonesia has frameworks in place to tackle cybercrime, international cooperation is necessary given the cross-border nature of these scams, as evidenced by the alleged Ukrainian and Indian origins of some offending advertisers.

The case of fake news ads on Meta’s platforms serves as a stark reminder of the dark side of digital connectivity. As technology continues to permeate every aspect of life in South East Asia, ensuring the safety of online spaces is not just a technical challenge but a societal imperative. For now, users in Indonesia and beyond must remain vigilant, while pressure mounts on Meta to clean up its act before more fall victim to the click of a deceptive ad.