Meta, formerly known as Facebook, announced today that it has filed a federal lawsuit in California court to take action to uncover individuals running a phishing scam. The company says the legal action aims to disrupt phishing attacks that are designed to trick people into sharing their login credentials on fake login pages for Facebook, Messenger, Instagram and WhatsApp.
For context, phishing attacks lure unsuspecting victims to websites that appear legitimate but are actually deceptively fake. The websites then persuade victims to enter their sensitive information, such as passwords and email addresses. Meta says it found more than 39,000 websites that are impersonating the login pages of Facebook, Messenger, Instagram and WhatsApp as part of the phishing scheme. It also notes that reports of phishing attacks have been on the rise and that it is filing this lawsuit to take legal action against these attacks.
"On these websites, people were prompted to enter their usernames and passwords, which Defendants collected," Jessica Romero, Meta's director of platform enforcement and litigation, wrote in a blog post. "As part of the attacks, Defendants used a relay service to redirect internet traffic to the phishing websites in a way that obscured their attack infrastructure. This enabled them to conceal the true location of the phishing websites, and the identities of their online hosting providers and the defendants."
Romero says that in March, Meta started working with the relay service to suspend thousands of URLs that hosted the phishing websites. Meta plans to continue to collaborate with online service providers to disrupt phishing attacks. It notes that it works to proactively block instances of abuse to the security community, domain name registrars and others. The company says it also shares phishing URLs so other platforms can block them as well.
"This lawsuit is one more step in our ongoing efforts to protect people’s safety and privacy, send a clear message to those trying to abuse our platform, and increase accountability of those who abuse technology." Romero wrote in the blog post.
Meta's latest lawsuit isn't the first time that the company has cracked down on phishing scams on its platforms. Last month, Meta revealed that it took action against four several groups of hackers from Syria and Pakistan. The groups used phishing links to manipulate users into giving up their Facebook credentials. Earlier this year in March, the company also took action against a group of hackers in China known as Earth Empusa or Evil Eye. Meta, which was known as Facebook at the time, said it disrupted the hackers' ability to use their infrastructure to abuse its platform. The company also took similar action against hackers in Bangledesh and Vietnam in 2020.