Like I mentioned above, Facebook is a billion dollar company. They can easily have all the necessary security measures if they designate and allocate such budget for that. But the fact that there are advertisements being approved despite being a scam really bugs me about their system.
Indeed, they have the capability to hire a dedicated team to review ads before publishing on the platform. They could open branches in each country to accept all ads and audit the content before approval, something they can do because they have ample financial resources.
But they don't do all of that, It's unclear what kind of approval system they've chosen, and they can't effectively address these malware and phishing ads issues. Some say it's like a cat-and-mouse battle, such as unstoppable. However, if handled manually, all of this can clearly be minimized or even prevented.