Meta Anti-Scam Tools: Facial Recognition and WhatsApp Protection
- [01] Meta is deploying automated systems to identify and block fraudulent advertisements and account takeover attempts across its social media platforms.
- [02] Impacted services include WhatsApp, Facebook, and Messenger, specifically targeting celebrity-impersonation scams and unauthorized account access.
- [03] Users should enable multi-factor authentication and treat unexpected messages from unknown contacts with extreme caution despite these platform-level updates.
Meta has announced a suite of new security features aimed at curtailing the proliferation of fraudulent activity across its ecosystem. According to BleepingComputer, these updates focus on the automated detection of “celeb-bait” advertisements and the implementation of strengthened identity verification processes. For security professionals and SOC analysts, these changes represent a shift in how platform providers mitigate phishing and social engineering at scale.
Preventing Celebrity-Bait Ad Scams
One of the primary threats Meta is addressing is the “celeb-bait” phenomenon. In these campaigns, threat actors use the likeness of public figures—often without authorization—to lure users into high-yield investment scams or to harvest credentials. Meta is now deploying a facial recognition system that compares images in flagged advertisements against the profile pictures of celebrities on Facebook and Instagram.
If the system detects a match and determines the ad is likely a scam, the content is automatically blocked. This technology aims to shorten the lifespan of fraudulent campaigns by reducing the reliance on manual reporting. From a threat intelligence perspective, this targets the TTP of impersonation, which is a foundational element of many modern social engineering attacks. By automating the verification of celebrity assets, Meta reduces the “dwell time” of malicious ads before they can be reported by the community.
How to Detect WhatsApp Scam Messages via Meta’s New Tools
Beyond visual advertisements, Meta is enhancing real-time user protections on WhatsApp and Messenger. The platform is introducing more descriptive warning labels when a user receives a message from an account that is not in their contact list or exhibits suspicious behavior patterns. Understanding how to detect WhatsApp scam messages is becoming vital for end-user training, as phishing via instant messaging (smishing) continues to bypass traditional email filters.
These new warnings provide additional context, such as whether the sender is using a phone number from a different country or whether the account was recently created. These indicators of compromise (IoCs) are presented directly to the user, encouraging them to block or report the sender before engaging with any malicious links. This approach aligns with MITRE ATT&CK mitigations regarding user training and communication authenticity.
Meta Facial Recognition Account Recovery
A second application of facial recognition technology involves account recovery. Meta is testing “video selfies” as a method for users to regain access to compromised accounts. This process requires the user to upload a short video of themselves, which the system then compares against their profile photos.
This Meta facial recognition account recovery feature is designed to prevent hackers from maintaining control of a hijacked account by changing the recovery email or phone number. While traditional recovery methods rely on static data that can be stolen or guessed, biometric-backed recovery provides a higher barrier to entry for attackers. This is particularly relevant for high-value targets who are frequently subjected to account takeover attempts.
Technical Implications for Defenders
The deployment of these tools underscores the necessity of platform-level defenses in the fight against automated fraud. While these tools assist in identifying malicious content, defenders must still prioritize organizational awareness. Security teams should advise employees that while Meta is increasing its defensive posture, the core TTP of urgency and authority used in scams remains effective.
Integrating these platform warnings into broader security awareness programs ensures that users do not develop a false sense of security. The efficacy of these systems depends on the scale of the dataset and the speed of the automated response, making them a reactive rather than proactive solution for zero-day scam campaigns.