The Hidden Flaw in Ofcom's Plan to Crack Down on Big Tech Scam Ads

The Hidden Flaw in Ofcom's Plan to Crack Down on Big Tech Scam Ads

The UK media regulator Ofcom wants tech giants to finally clean up their platforms. Under proposed new rules, social media companies and search engines will face strict legal obligations to detect, block, and remove fraudulent advertisements. It sounds like a victory for internet safety. But the reality is far more complicated, and the current proposals ignore the economic machinery that makes online scamming a multi-billion-dollar global industry.

Ofcom’s framework aims to enforce the Online Safety Act by forcing platforms to scan for fraudulent content more aggressively. If they fail, they face massive fines. Yet, this approach treats a deeply entrenched structural problem as a simple content moderation issue. Tech companies cannot simply flip a switch to eliminate scam ads because their entire financial architecture relies on automated, frictionless ad purchasing.


Why Automated Ad Networks Are Built to Fail the Public

To understand why scam ads plague platforms like Meta, Google, and TikTok, you have to look at how these companies make money. They do not sell ads through human sales representatives. Instead, they operate programmatic advertising auctions.

In a programmatic system, an advertiser creates an account, uploads an image or video, inputs credit card details, and bids on user attention. The process is entirely automated. This frictionless onboarding is exactly what allowed Big Tech to scale into global monopolies. Unfortunately, it is also the perfect entry point for criminals.

Organized cybercrime syndicates do not buy ads manually. They use software to automate the creation of thousands of advertising accounts simultaneously. When a platform detects and bans one fraudulent account, ten more are already live, targeting vulnerable demographics with deepfake celebrity endorsements or fake investment schemes.

By demanding that platforms reactively police this endless flood of content, Ofcom is forcing tech companies to play an infinite game of whack-a-mole. The platforms will deploy more artificial intelligence scanners to flag suspicious text and imagery. In response, scammers will slightly alter their code, disguise their landing pages via cloaking techniques, and bypass the filters. The fundamental flaw remains untouched. The barrier to entry for buying an ad is too low.


The Cloaking Trick That Fools the Scanners

Regulators often talk about scam ads as if they are static billboards. They are not. Modern ad fraud relies heavily on a technique called cloaking, which actively weaponizes the automated nature of tech platforms against them.

When an ad buyer submits a creative asset to Meta or Google, the platform's automated review system evaluates the destination URL. A cloaking script detects who is clicking that link. If the visitor is an automated platform reviewer or an IP address associated with a regulatory body, the script displays a completely benign website, such as a local shoe shop or a cooking blog.

However, if the visitor is a real user matching the scammer's target demographic, the script redirects them to a highly sophisticated fraudulent landing page. These pages often mimic legitimate news outlets, complete with forged logos and fabricated interviews detailing how a well-known billionaire discovered a loophole to wealth.

[Ad Submitted] ---> [Cloaking Script Check]
                          |
                          +---> If Platform Reviewer ---> Show Benign Site
                          |
                          +---> If Real User Target  ---> Show Fraudulent Scam Page

Ofcom's current guidance places a heavy emphasis on monitoring what is hosted on the platform. It does not adequately address how platforms can effectively police what happens after a user clicks away from the social media feed. Without addressing cloaking, platforms will continue to tell regulators that their automated checks passed, while users continue to lose their life savings.


The Legal Loopholes of Intermediary Liability

For decades, tech giants have shielded themselves behind the concept of intermediary liability. The argument is simple. They are platforms, not publishers. If a third party posts a defamatory comment or buys a fraudulent ad, the platform claims it is not legally responsible for the content itself, only for taking it down once notified.

The Online Safety Act attempts to shift this balance of power, but it creates a dangerous grey area. Under the new rules, Ofcom expects firms to have robust systems to prevent harm. But what constitutes a sufficient system?

Tech companies have armies of lawyers ready to argue that their current AI content moderation tools represent the state of the art. If a scam slips through, they will argue it was an anomaly, not a systemic failure. The legal threshold for proving that a company was systematically negligent is incredibly high.

Furthermore, the threat of fines up to 10% of global turnover sounds terrifying on paper. In practice, regulators rarely issue maximum penalties. Legal battles drag on for years in appellate courts. While the lawyers argue over definitions of systemic risk, the cash flow from automated ad systems remains uninterrupted.


The True Cost of Friction

If Ofcom truly wants to eradicate scam ads, it must force platforms to introduce friction into the advertising economy. This is the one solution tech companies resist at all costs. Friction destroys profitability.

A meaningful solution would require mandatory, rigorous identity verification for every entity purchasing advertising space online. This means moving beyond a simple credit card check. It requires verifying corporate registration documents, confirming banking origins, and introducing human oversight for accounts spending significant budgets.

If a company wants to advertise financial products to UK citizens, they should be cross-referenced with the Financial Conduct Authority register before a single impression is served.

[Ad Purchase Attempt] ---> [FCA Register Cross-Check] ---> Fail ---> [Block Ad]
                                       |
                                    Success
                                       |
                                       V
                            [Live Impression Served]

Tech platforms reject this because it slows down the sales pipeline. It requires hiring human compliance officers rather than relying on code. It limits the volume of ads that can be sold in a microsecond.

Ofcom’s current proposals stop short of demanding this level of fundamental systemic redesign. Until the regulator shifts its focus from scanning harmful content to regulating the financial onboarding of advertisers, the internet will remain an incredibly lucrative playground for international fraudsters. The burden of proof will remain on the victim, while the platforms continue to collect the ad spend.

AC

Ava Campbell

A dedicated content strategist and editor, Ava Campbell brings clarity and depth to complex topics. Committed to informing readers with accuracy and insight.