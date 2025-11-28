Happy Thanksgiving! I hope you had a cyberharm-free holiday! As a subscriber, you qualify for a special Black Friday & Cyber Monday deal if you choose to become an annual subscriber to Tate’s Online Safety Substack this weekend: 70% off for 1 year! Thank you so much for your support!

Get 70% off for 1 year

Also, if you are looking for additional motivation to continue improving your personal cybersecurity and privacy, check out the post below on the stunning scale of cybercrime that impacts ordinary people every day (I bet it is far greater than you thought).

Recently, Reuters reported a shocking fact: that in 2024, Meta (aka Facebook) earned $16B, or 10% of their revenue that year, from malicious ads! Article here: https://www.reuters.com/investigations/meta-is-earning-fortune-deluge-fraudulent-ads-documents-show-2025-11-06/. After this, it’s pretty clear that everyone should stay away from Facebook and Instagram and NEVER, EVER click on advertisements on those platforms.

The scary thing about this number is not the amount of revenue attackers generate from preying on victims, but that it reveals the true scale of cybercrime's impact across the United States.

Shocking thing #1: This figure shows that cybercrime losses are much higher than previously thought. In fact, I calculate that, at the very least, the actual loss from cybercrime in 2024 to victims like you and me (i.e., not businesses) is a whopping $144,000,000,000 (aka $144B). Unfortunately, this is probably a very low estimate, and the more accurate number is probably at least $432B.

Shocking thing #2: It also means that only 11.5% of victims report cybercrime (and it’s probably actually closer to 3%). This means there are at least 8X as many victims out there who aren’t reporting as those who are.

Here’s why:



➡️ If cybercriminals spent $16B in ads in 2024 on Meta, we can assume that these criminals gained at least $16B in revenue; otherwise, they wouldn’t spend this much.



➡️Meta’s US-based revenue is about 36% of their overall revenue. So we assume $5.76B of this $16B is from the US.



➡️The 2024 FTC Sentinel report indicates that online ads account for only 4% of the reported fraud losses compared to other contact methods. This is how we get to $144B.

$5.76B ÷ .04 = $144B.



➡️The FTC reported a total of $12.5B for all fraud losses in 2024. That means the FTC is only seeing 11.5% of all reported fraud losses, since the reporting covers only 11.5% of the $ 144B in losses.

$12.5B ÷ $144B = .115 (aka 11.5%)



Unfortunately for all of us, this is a highly conservative estimate for the following reasons:



🧨 Bad actors are earning far more than $16B from malicious ads, if they are spending that much. It’s likely at least 3X that, since consumer businesses need a Lifetime Value (LTV) to Cost of Acquisition (CAC) ratio of 3:1 to be sustainable, and even cybercriminals must follow fundamental business principles to succeed.



🧨The $16B only accounts for Meta’s ad network, and Meta has 21% of the digital advertising market share. This doesn’t account for all the other ad networks, like Google’s, so this amount is probably 5X too low.



🧨Although only 36% of Meta’s revenue is US-based, it is likely that an outsized number of these ads are targeting the US vs. the rest of the world.



🧨🧨🧨That means the total losses are probably at least 3X larger (and maybe even more), which brings us to $432 billion, meaning that the FTC is actually only receiving reports on about 3% of all consumer fraud.



This is 288X the total ransomware loss in 2024 (IC3 reports this at about $1.5B). If only investment to protect consumers were 288X the investment to safeguard enterprises (spoiler alert: it isn’t)!



This is why investment in understanding, detecting, preventing, and mitigating cybercrime against consumers like you and me is so critical, and why I am working diligently to address this problem.

Get 70% off for 1 year

Stay Safe!

Tate