This recent post made me to review the drafts I had in this blog regarding a similar issue which I publish today. With the project http://desenmascara.me I have been investigating the online counterfeiting fraud for quite some time. It turns out that Facebook has plenty of advertisements like below:
Which leds to the Facebook event below (not active anymore):
In the above event page you can see the website being advertised: hxxp://www.rblovez.pw/
(not active anymore)
Which clearly is a FAKE rayban website. Flagged by desenmascara.me
and hence by VT:
This FAKE website is clearly a luxury knock-off product a dark business which has even more revenue than the ransomware and close to well-known malware as the Zeus banking trojan.
Though it is not a security vulnerability itself I reported it to Facebook because it is an abuse of their functionality which might be used to lure their users: anyone can set up an ads and the target website would not be "fully verified" which might contain badware or fake content as in this case.
The report was closed with the following feedback:
Thanks for contacting us. Keep in mind that this queue is specifically for security vulnerabilities. Since what you describe doesn't appear to be a security vulnerability, you can provide feedback or suggestions regarding a feature here:
It seems that the issue was investigated some years ago by another researchers:
But Facebook still allows such advertisements. Despite all the effort they are taking against FAKE news, it seems they still have plenty of room to improve regarding to get rid of advertisements involved with online counterfeiting in their network.
Google does a better work in such matter but sometimes, as highlighted in the picture below, they have ads related with fake sites as well.