Meta files lawsuit against phishing actors on Facebook and Instagram

February 2, 2022
Meta Lawsuit Phishing Threat Actors Facebook Instagram Social Media Policy Enforcement NSO Group

Meta, also known for its previous brand called Facebook, has filed a lawsuit in a Californian-state court to obstruct all phishing campaigns that target WhatsApp, Messenger, Facebook, and Instagram users.

The threat actors used these phishing campaigns to utilise about 40,000 pages and sites that would imitate the login pages of the four apps to target a massive number of users.

Moreover, Meta’s Director of Platform Enforcement and Litigation stated that these phishing operations involved the development of more than 38,000 web pages imitating the login pages of other numerous applications. Users will then be requested to enter their credentials, such as usernames and passwords on these websites, which the phishing operators can collect.

The phishing actors utilised a relay service to prevent cybersecurity solutions from detecting and obstructing their infrastructure by redirecting internet traffic to phishing websites. Therefore, it conceals the identities of their online providers and phishing websites’ whereabouts.

After the attack was discovered last March of this year, Meta worked with the relay service utilised by the phishing campaign to postpone thousands of the redirected pages employed in the cyberattacks.

 

Before becoming Meta, Facebook has already taken legal actions against phishing abuse.

 

Facebook has been part of an extensive series of lawsuits against threat groups, especially phishing operators, targeting users and those abusing their apps for illegal and malicious campaigns.

For example, back in March 2020, Facebook sued a domain name registrar known as ‘Namecheap’ and its ‘Whoisguard’ proxy service for allowing domain names to register, which aims to scam people by pretending to be involved with Facebook apps. These malicious domains were believed to be frequently using scams, frauds, and phishing in their transactions.

In October 2019, Facebook also filed a lawsuit against an Israeli cyber-surveillance company, NSO group, for creating and selling a WhatsApp zero-day abuse used by nation-backed threat groups to compromise the devices of their targets, such as diplomats, reporters, journalists, and government officials.

In the same month, the social media company filed another lawsuit against another domain name, registrar OnlineNic, and its ID shield policy to approve the registration of Facebook-lookalike domains utilised in malicious methods.

Then in last December, Meta also announced that it obstructed the operations of seven spyware developing firms, sending cease and desist letters, banning their accounts from its platform, and blocking their infrastructure.

About the author

Leave a Reply