The platforms themselves had built the vulnerability into their systems.
Over 1,000 fake ads exploited the Desenrola program between July 19-21, using government and Serasa imagery to deceive vulnerable debtors on Facebook, Instagram, and Messenger. Meta's moderation systems failed to catch most fraudulent ads, and they remained active after initial media reports, raising questions about platform accountability and self-regulation.
- 1,048 fraudulent ads impersonating Desenrola Brasil circulated July 19-21 across Facebook, Instagram, and Messenger
- Desenrola Brasil launched July 17 to help 70 million Brazilians renegotiate debts; 78% of Brazilian families were in debt as of May
- Most fraudulent ads evaded Meta's moderation systems and remained active after initial media reports
- Meta allowed creation of fake government pages without advertiser verification
UFRJ researchers identified 1,048 fraudulent ads impersonating Brazil's Desenrola debt relief program on Meta platforms, exploiting vulnerable consumers seeking to renegotiate debts.
Between July 19 and 21, researchers at the Federal University of Rio de Janeiro's Internet and Social Media Studies Lab discovered over one thousand fraudulent advertisements circulating across Meta's platforms—Facebook, Instagram, and Messenger—all impersonating Brazil's Desenrola debt relief program. The scale of the deception was staggering, but what made it more troubling was how effectively it had evaded detection. Most of these ads slipped past Meta's moderation systems entirely, operating below the threshold of traditional monitoring. They remained active even after journalists and television stations began reporting on the scams.
The fraudsters had weaponized the government's own credibility. The fake ads borrowed the visual identity of federal institutions and Serasa, the country's credit bureau, lending themselves an air of legitimacy that made them devastatingly effective. The researchers, in a report titled "Advertising in Service of Indebtedness," noted that the scams caused direct financial harm to potential program beneficiaries—people already vulnerable, already struggling with debt. What made this worse was that Meta's own advertising library, which archives all promoted content on the company's platforms, contained the evidence of these crimes, yet the company's systems had failed to stop them.
The timing of the fraud was not accidental. On July 17, the Brazilian government had launched the first phase of Desenrola Brasil, a program designed to allow 70 million Brazilians in default to renegotiate their debts with financial institutions on better terms. This came against a backdrop of widespread financial distress: a May study by the National Confederation of Commerce found that roughly 78 percent of Brazilian families were already in debt. The program represented genuine relief for millions of people. The fraudsters saw an opportunity.
Meta responded to the discovery with a statement insisting it does not permit fraudulent activity on its services and that it removes deceptive ads about Desenrola as soon as they are identified through a combination of technology, user reports, and human review. But the researchers at UFRJ saw a deeper problem. The company had made it possible to create fake pages in the name of the federal government without requiring verification of advertisers—leaving consumers with no reliable way to distinguish authentic from counterfeit. The platforms themselves had built the vulnerability into their systems.
The Brazilian Federation of Banks, Febraban, issued its own alert with practical guidance. Do not click links sent through messaging apps, social media, or sponsored search results, the federation advised. Contact your bank directly. Be suspicious of anyone asking you to send money upfront to secure better renegotiation terms. Use only the official channels—bank branches, internet banking, official apps—and when accessing internet banking, type the bank's address yourself rather than following a link. If you receive any message bearing the Febraban logo or a bank's logo, discard it and call the bank directly.
But the researchers saw the real issue as systemic. Self-regulation by the platforms had not worked. The study called for mandatory regulation of digital platforms that would impose transparency requirements and hold companies accountable for their services while respecting Brazil's Consumer Protection Code. The platforms, the researchers argued, were profiting from fraudulent ads even after removing them—the revenue from the deception made them, in a sense, beneficiaries of the crime. Until regulation forced them to prioritize public interest over their own financial gain, the cycle would continue. Desenrola Brasil was meant to help people escape debt. Instead, it had become a hunting ground for those who wanted to exploit them.
Notable Quotes
The platforms' self-regulation has not functioned, indicating the urgency of regulating digital platforms with transparency and accountability requirements that respect the Consumer Protection Code.— UFRJ research report
Do not click links received through messaging apps, social media, or sponsored search results. Contact your bank directly, and only renegotiate debts through official bank channels.— Adriano Volpini, Febraban Fraud Prevention Committee director
The Hearth Conversation Another angle on the story
Why did these scams work so well? What made people vulnerable to them?
The government had just launched a real program offering genuine debt relief. People in financial crisis saw ads that looked official, used real government imagery and the Serasa logo. They wanted to believe help was available. The fraudsters understood that desperation makes people less skeptical.
How did over a thousand ads slip past Meta's systems?
They operated below the radar. Meta's traditional monitoring tools didn't catch them. The company has the ad library—it archives everything—but the systems that are supposed to flag fraud didn't work. It's not that Meta didn't know; it's that their automation failed, and they didn't have enough human reviewers to catch it in time.
What did Meta say when confronted?
They said they don't allow fraud and that they remove deceptive ads when identified. But the researchers pointed out something darker: Meta made it easy to create fake government pages without verification. The company built the vulnerability in. Then they claim they're removing the ads after the fact. That's not prevention; that's damage control.
What's the real problem here, then?
Self-regulation doesn't work. Platforms say they'll police themselves, but their financial incentive is to maximize ad revenue. Even when they remove fraudulent ads, they've already made money from them. The researchers are saying you need actual law—transparency rules, real accountability, enforcement that respects consumer protection.
What should someone do if they get one of these ads?
Don't click any links. Call your bank directly using a number you know is real. Never send money upfront. Only use official channels—the bank's app, the branch, internet banking where you type the address yourself. If you get a message with a bank logo, assume it's fake and contact the bank to verify.
Will this happen again?
Almost certainly, unless regulation changes. The vulnerability is structural. As long as platforms can profit from ads and face no real penalty for fraud, the incentive to truly prevent it remains weak.