Meta is suing cybercriminals over phishing scams on Facebook, WhatsApp, Messenger

Meta
(Image credit: Facebook / Meta)

Facebook is suing a number of cybercriminals accused of targeting its users with phishing attacks.

In a press release, Meta said it had filed a federal lawsuit against unknown individuals creating fake login sites, impersonating Facebook, Messenger, Instagram and WhatsApp.

The company claims the malicious actors created almost 40,000 phishing sites so far. 

Meta phishing

"This phishing scheme involved the creation of more than 39,000 websites impersonating the login pages of Facebook, Messenger, Instagram and WhatsApp," Jessica Romero, Meta's Director of Platform Enforcement and Litigation, said in the announcement.

"On these websites, people were prompted to enter their usernames and passwords, which Defendants collected."

To create these phishing sites, the attackers used a relay service called Ngrok, which not only prevented cybersecurity solutions from cutting out the malicious traffic, but also hit the identity of the online hosting provider and the actual location of the phishing site.

The attack volume increased in March this year, Romero further said, adding that the company worked with the relay service to suspend “thousands” of URLs to the phishing websites. 

Facebook versus scammers

Under its previous Facebook guise, Meta has has been trying to fight back against scammers and impersonators quite vigorously for these past couple of years.

In March 2020, the company sued the domain name registrar Namecheap and the Whoisguiard proxy service for “registering domain names that aim to deceive people by pretending to be affiliated with Facebook apps," being used "for phishing, fraud and scams."

A year prior, the OnlineNIC domain name registrar, and the ID Shield privacy service were sued for allowing malicious actors to register lookalike domains. The same year Facebook also sued NSO Group for building and distributing a WhatsApp zero-day exploit.

In fact, NSO Group has been blacklisted by Facebook earlier this month and booted from the platform altogether. WhatsApp sued it in March 2020, but the company said it would fight the allegations. Still, when the court hearing came, the company’s representatives did not appear in the Northern District Court of California court. 

While WhatsApp has stated that it will “continue to pursue swift accountability from the courts in the U.S.”, the NSO Group has stated that “this default notice will not stand” and that WhatsApp has “prematurely moved for default before properly serving NSO with the lawsuit.”

Microsoft, Google, Cisco, and the Internet Association, which includes Amazon, Facebook, and Twitter, have all signed a brief, supporting WhatsApp’s stance on the matter.

Via Engadget

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
unblock facebook with vpn
A new Facebook phishing campaign looks to trick you with emails sent from Salesforce
Smartphone with new logo X twitter app background. Application twitter old blue bird change X black and white new.
Phishing campaign targets prominent X users, accounts at risk
Fraude en ligne phishing
Google Search ads are being hacked to steal account info
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
Fraude en ligne phishing
Google forced to step up phishing defenses following ‘most sophisticated attack’ it has ever seen
Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does