The next time a fake investment scheme, a phoney bank warning or an impersonation ad for a trusted brand appears in a social media feed, Britain’s biggest online platforms may no longer be able to treat it as someone else’s problem.
Ofcom has proposed new rules that would put major social networks and search engines under a direct legal duty to tackle fraudulent paid advertising. The regulator says platforms must take practical steps to prevent scam ads appearing, remove them faster when they do surface, and stop the people behind them from simply setting up a new account and trying again. Companies that fail to meet the duties could face fines of up to £18 million or 10% of their worldwide annual revenue, whichever figure is higher.
That matters because scam advertising has become one of the internet’s most reliable and damaging business models – at least for criminals. A convincing ad can borrow the look of a high-street bank, a respected retailer, a celebrity or a legitimate investment platform, then use the targeting tools built for ordinary advertisers to find exactly the people most likely to respond. One click can lead to a cloned website, a request for bank details, or a pitch to transfer money into an investment that does not exist.
For users, the distinction between an advert, a post and a search result is often invisible. The content arrives in the same feed, carries much of the same design language and can look more credible precisely because it appears on a familiar platform. But, legally and operationally, paid advertising has often sat in an awkward space: platforms have faced obligations around illegal user-generated content, while scam ads bought through their advertising systems have received less direct regulatory attention. Ofcom’s proposal is designed to close that gap.
The regulator estimates that UK consumers lose around £200 million a year to fraudulent ads. That is not a small nuisance at the edges of the internet. It is a sign of how efficiently modern advertising infrastructure can be repurposed by bad actors: easy account creation, rapid creative testing, micro-targeting and the ability to reach people at scale before moderators or automated systems catch up.
Ofcom’s draft fraudulent advertising code sits within the UK’s Online Safety Act framework. It would apply to the biggest in-scope user-to-user and search services, putting names such as Facebook, Instagram, TikTok, YouTube, Pinterest, Reddit and major search platforms in the spotlight. The core expectation is straightforward: if a company profits from placing an ad, it must build credible systems for keeping criminal advertising out.
In practice, that means nearly 40 proposed measures. Platforms would be expected to improve advertiser checks, identify and remove adverts from impersonators, create dedicated reporting routes for scam ads, and take action against repeat offenders. One of the more consequential ideas is a tougher stance on repeat abuse: where some platforms may currently allow an advertiser several warnings, Ofcom is pushing toward a “one strike and you’re out” approach for fraudsters, paired with measures to prevent banned users returning under fresh accounts.
That last detail gets to the heart of the enforcement challenge. Removing one bad ad is relatively easy. Preventing the same operator from creating a new profile, using a different payment method, changing a few words of copy and relaunching a campaign is much harder. Effective prevention will require platforms to join up signals across advertiser verification, payment activity, account behaviour, creative assets, destination websites and user reports.
It is also an uncomfortable moment for the industry’s preferred defence: scale. Major platforms process huge volumes of ads, and they will argue – fairly – that no screening system is perfect. But the scale argument cuts both ways. These companies have developed exceptionally sophisticated systems to decide which people should see which ad, when they should see it, and how likely they are to click. Ofcom’s position is essentially that fraud prevention needs to become an equally serious part of that machinery.
The proposals explicitly acknowledge the growing role of generative AI. Platforms would be expected to rigorously test AI tools used to create adverts, reducing the chance that criminals can exploit them to produce convincing impersonations, fabricated endorsements or misleading financial promotions. This is likely to become a central pressure point. AI has not invented fraud, but it can make the basic ingredients – polished copy, persuasive images, voice cloning and rapid variations of an ad – dramatically cheaper and faster to produce.
For consumers, the proposed rules could bring a more visible shift in how platforms respond to reports. Dedicated scam-ad reporting channels should, at least in theory, make it easier to flag a suspicious promotion without navigating a generic moderation form built around spam or offensive content. The real test will be what happens after a report is filed: whether action is rapid, whether users get meaningful feedback, and whether the same scam is prevented from reappearing in a slightly altered form.
There is still a long road before the code takes effect. Ofcom’s consultation is open until October 2, after which it intends to issue final decisions in 2027. Those rules would then need parliamentary approval. Consumer group Which? has welcomed the direction of travel but warned that the timeline could leave people exposed until 2027 at the earliest, even as AI makes scams more polished and harder to spot.
That criticism is hard to dismiss. A regulatory promise is not the same as a safer feed, and victims do not get their money back simply because a company improves its compliance procedures two years later. Ofcom has said platforms do not need to wait for the final code to improve their systems. The strongest firms may see an incentive to move early, both to reduce harm and to avoid finding themselves on the wrong side of a regulator with the power to impose penalties measured against global revenue.
The wider significance extends beyond the UK. Governments around the world are increasingly asking whether online platforms should be treated less like neutral pipes and more like businesses with real responsibility for the systems they operate – particularly where those systems sell distribution, rank results and amplify paid messages. The United States has taken a more fragmented approach, with consumer protection, financial regulation and platform policy spread across several agencies and state-level rules. Britain’s model is more direct: if a platform is used by UK users and falls within the regime, Ofcom expects it to manage the risks, even if the company itself is based elsewhere.
That does not mean every scam will disappear. Fraudsters adapt quickly, and overzealous automated enforcement can also catch legitimate small businesses in the crossfire. The challenge for Ofcom will be to demand meaningful safeguards without turning advertising approval into an opaque black box. The challenge for platforms will be proving that “we removed it after users complained” is no longer their main line of defence.
For years, online scam ads have occupied a frustrating grey zone: obviously harmful to the people who lose money, but insufficiently costly for the companies whose ad systems carried them. Ofcom’s proposal is an attempt to redraw that line. If it becomes law and is enforced aggressively, the economics of fraud could start to change – not because scammers suddenly become less inventive, but because the platforms that give them reach will finally have more to lose.
Discover more from GadgetBond
Subscribe to get the latest posts sent to your email.