Social Media

Meta takes legal action to disrupt phishing scheme

Our Bureau | | Updated on: Dec 21, 2021
image caption

The phishing attacks were designed to trick users into sharing their login credentials on fake login pages

Meta has filed a federal lawsuit in California court to disrupt phishing attacks designed to trick users into sharing their login credentials on fake login pages for Facebook, Messenger, Instagram and WhatsApp.

“Phishing is a significant threat to millions of Internet users. Phishing attacks lure victims to a website that appears to be operated by a trusted entity, such as a bank, a merchant, or other service,” Jessica Romero, Director of Platform Enforcement and Litigation at Meta explained in a blog post.

“The website, however, is a deception, a fake, and the site’s fake content is designed to persuade a victim to enter sensitive information, like a password or email address. Reports of phishing attacks have been on the rise across the industry and we are taking this action to uncover the identities of the people behind the attack and stop their harmful conduct,” Romero added.

This phishing scheme in question involved the creation of over 39,000 websites impersonating the login pages of Meta owned platforms - Facebook, Messenger, Instagram and WhatsApp. Users were prompted to enter their usernames and passwords on these websites which were then collected by the Defendants.

The bad actors used a relay service to redirect internet traffic to the phishing websites in a way that obscured their attack infrastructure as part of the attacks.

“This enabled them to conceal the true location of the phishing websites, and the identities of their online hosting providers and the defendants,” Romero explained.

Meta then worked with the relay service to suspend “thousands” of URLs to phishing website after the volume of such attacks increased starting in March 2021.

“This lawsuit is one more step in our ongoing efforts to protect people’s safety and privacy, send a clear message to those trying to abuse our platform, and increase accountability of those who abuse technology,” Romero wrote.

“We will also continue to collaborate with online hosting and service providers to identify and disrupt phishing attacks as they occur. We proactively block and report instances of abuse to the hosting and security community, domain name registrars, privacy/proxy services, and others,” Romero added.

Published on December 21, 2021

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

  1. Comments will be moderated by The Hindu editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.

You May Also Like

Recommended for you