SCAMMERS are targeting Facebook, WhatsApp and Instagram users in a bid to steal their logins.
Meta, the company formerly known as Facebook, said Monday that attacks are tricking users into sharing their usernames and passwords on fake login pages.
The tech titan said in a blog post that it has filed a federal lawsuit in California court to disrupt so-called phishing attacks.
“Phishing is a significant threat to millions of Internet users,” Meta said.
“Reports of phishing attacks have been on the rise across the industry and we are taking this action to uncover the identities of the people behind the attack and stop their harmful conduct.”
Phishing attacks lure victims to a website that appears to be operated by a trusted entity, such as a bank, social media platform or other service.
The website, however, is phoney with fake content designed to persuade a victim to enter sensitive information, like a password or email address.
Meta said the phishing scheme it identified involved the creation of more than 39,000 bogus websites.
They impersonated the login pages of Facebook, Messenger, Instagram and WhatsApp.
On these websites, people were prompted to enter their usernames and passwords, which were collected by the scammers.
According to Meta, the attackers were able to conceal their identities and the true location of the phishing websites using a so-called “relay service”.
Starting in March 2021, when the volume of these attacks increased, Meta worked with the relay service to suspend thousands of URLs to the sites.
“This lawsuit is one more step in our ongoing efforts to protect people’s safety and privacy, send a clear message to those trying to abuse our platform, and increase accountability of those who abuse technology,” the company said.
“We will also continue to collaborate with online hosting and service providers to identify and disrupt phishing attacks as they occur.”
Analysts urged netizens to enable two-factor authentication on their online accounts to avoid falling afoul of phishing scams.
It adds a second step to the login process – such as a code sent over text – for an additional layer of security.
“This could be an early sign that Meta is getting tougher with their platforms and cleaning up an unfortunately plagued social media,” said Jake Moore, an advisor at cybersecurity firm ESET and former Head of Digital Forensics at Dorset Police.
“By making it look like sites are hosted on legitimate servers it can quickly mean people believe what they are seeing without any further proper checks.
“Such quick and easy impersonation can go a long way when used in phishing attacks used to trap credentials.
“Users are therefore encouraged to see where the original requests have originated from and log into accounts via the usual trusted method and have two-factor authentication turned on.”
In other news, Samsung is reportedly killing off its beloved Note smartphone after more than a decade.
Apple has announced that it will let customers fix their own iPhones for the first time starting next year.
The UK is fighting an epidemic of hack attacks targeting consumers and businesses, according to officials.
And, NASA has slammed Russia after a missile it fired into one of its own satellites forced the space station to perform an emergency swerve.
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at email@example.com