Utilise public law injunctions to prevent scam advertising

Utilise public law injunctions to prevent scam advertising

The online safety plans of social media platforms tend to prioritise automated filtering, allowing scammers to bypass detection using AI-generated content.

social media

From Ong Sze Chin

In November 2025, leaked internal documents of a popular social media platform revealed that it was deriving substantial revenue from advertising activities linked to online scams and prohibited goods.

According to the documents, the platform had failed to prevent the dissemination of approximately 15 billion “high-risk” advertisements to users each day, generating an estimated US$7 billion (around RM29 billion) in annualised revenue from ads exhibiting clear indicators of fraud.

The platform’s advertising personalisation engine further exacerbated the problem by systematically amplifying users’ exposure to fraudulent content. The system uses prior engagement signals to optimise and deliver additional high-risk advertisements, effectively transforming victims into prime targets for repeated scams.

That raises an important question: to what extent can the newly enforced Online Safety Act 2025 provide effective protection and remedies for the RM2.77 billion in losses arising from financial scams last year?

The sharp rise in both the number of cases and the resulting losses calls for a careful examination of advertising practices.

With digital deception evolving as rapidly as the technology it inhabits, public law injunctions have emerged as a critical tool for regulatory bodies to protect the collective interests of online users.

Unlike private litigation which addresses individual harm, public law enforcement focuses on the prevention of systemic unfair commercial practices that threaten users’ safety and economic stability.

The Online Safety Act 2025 (the Act) imposes obligations on social media and messaging platforms with over eight million users in Malaysia, classifying them as licensees and requiring that they comply with the law.

The legislation imposes obligations on social media and messaging platforms with over eight million users in Malaysia, requiring them to reduce harmful content (Section 13), provide safety guidelines (Section 14), help users manage risks (Section 15), set up reporting and assistance systems (Sections 16–17), protect children (Section 18), make harmful content inaccessible (Section 19), and submit online safety plans (Section 20).

In addition, the Act also specifies actions that must be taken by licensees to ensure compliance and effective implementation of these provisions.

The online safety committee established under the Act has the power to identify harmful content and instruct that, once determined, it be made permanently inaccessible.

Non-compliance with the Act carries a maximum financial penalty of RM10 million (Section 39).

No doubt, the Act provides a systemic risk management and platform accountability framework for content policing.

The Act is novel in that it implements safety by design, which requires social media and messaging platforms to submit annual online safety plans to the Malaysian Communications and Multimedia Commission (MCMC).

However, relying on such plans to prevent scam advertising has its limitations because they tend to prioritise automated filtering over human oversight, allowing sophisticated scammers to bypass detection using AI-generated content.

Furthermore, since these plans are self-reported, they may lack the transparency needed for regulators to verify if the safety protocols are being strictly enforced in real-time.

Finally, the reactive nature of most safety plans means that fraudulent ads are often only removed after the financial damage has already occurred — highlighting the need for more aggressive public law injunctions to stop scams at the source.

Public law injunctions have been a cornerstone of consumer protection and market regulation for decades, serving as a means to stop harmful commercial practices and malpractice.

Changes in design, safety plans from reporting, investigations, evidence gathering, and procedures in ensuring compliance take time and often allow fraudulent campaigns to achieve their maximum impact before any regulatory action is finalised.

While internal platform safety plans are essential for long-term systemic health, they are fundamentally slow-moving administrative processes that struggle to keep pace with the agility of modern scammers.

To bridge this gap, authorities should utilise public law injunctions as a rapid-response mechanism.

Unlike the lengthy audit cycles of an online safety plan, an injunction serves as an immediate “emergency brake”, allowing regulators to bypass procedural delays and legally compel platforms to freeze scam accounts or remove deceptive advertisements in real-time.

The deployment of injunctions alongside statutory investigations can prevent widespread financial loss while the more time-consuming work of evidence gathering and compliance auditing continues in the background.

In the landmark case of Zschimmer & Schwarz GMBH & Co. KG Chemische Fabriken v Persons Unknown and Mohammad Azuwan bin Othman (t/a Premier Outlook Services) (2021), the High Court established a precedent for granting injunctions against “persons unknown”.

Utilising injunctions to combat anonymous cybercrime and scam advertising should be treated as an immediate priority, enabling the swift freezing of fraudulent campaigns while the Act transitions into full operation.

 

Ong Tze Chin is a senior lecturer at Universiti Malaya’s law faculty.

The views expressed are those of the writer and do not necessarily reflect those of FMT.

Stay current - Follow FMT on WhatsApp, Google news and Telegram

Subscribe to our newsletter and get news delivered to your mailbox.