Meta Inc (formerly known as Facebook) has been fighting scammers and impersonators aggressively for the past few years.
In a recent development, the social technology giant filed a federal lawsuit against unknown individuals and groups, running phishing scams to trick people into sharing their login credentials on fake Facebook, Messenger, Instagram, and WhatsApp login pages.
According to a press release by Meta on Monday, the phishing scheme involves more than phishing 39,000 websites, impersonating Facebook login pages that prompt people to enter their usernames and passwords, which the hackers collected. The defendants used a relay service to redirect internet traffic to the phishing websites in a way that obscured their attack infrastructure, hiding the true location of the phishing websites and the identities of the hosting providers.
With the legal action, Meta aims to disrupt phishing attacks that lure unsuspected users to fake websites that pose as legitimate ones operated by a bank, a merchant, or other services. The goal is to persuade a victim to enter sensitive information such as a password or email address.
“Reports of phishing attacks have been on the rise across the industry, and we are taking this action to uncover the identities of the people behind the attack and stop their harmful conduct,” Meta said in a statement.
Since March 2021, the volume of these attacks has increased, and Meta suspended thousands of URLs to phishing websites. “This lawsuit is one more step in our ongoing efforts to protect people’s safety and privacy, send a clear message to those trying to abuse our platform, and increase accountability of those who abuse technology,” Jessica Romero, Meta’s director of platform enforcement and litigation, said in a statement.
“We will also continue to collaborate with online hosting and service providers to identify and disrupt phishing attacks as they occur. We proactively block and report instances of abuse to the hosting and security community, domain name registrars, privacy/proxy services, and others. And Meta blocks and shares phishing URLs so other platforms can also block them.”
Meanwhile, the lawsuit comes just days after Facebook announced that its platforms had been used to spy on or track as many as 50,000 people in 100 countries by seven surveillance-for-hire companies based in China, Israel, India, and North Macedonia. Meta announced last month that it had banned four malicious cyber groups in Afghanistan and Syria from targeting journalists, humanitarian organisations, and anti-regime military forces.
Notably, the company sued Namecheap and the Whoisguard proxy service in March 2020, alleging that they were “registering domain names that aim to deceive people by pretending to be affiliated with Facebook apps” and that they were being used “for phishing, fraud, and scams.”
A year prior, the ID Shield privacy service and the OnlineNIC domain name registrar were sued for allowing malicious actors to register lookalike domains. Facebook sued NSO Group the same year for creating and disseminating a WhatsApp zero-day exploit.