Meta filed a lawsuit in California court to stop phishing attacks that target its users on Facebook, Messenger, Instagram, and Whatsapp.
The company had to take steps to stop phishing
Meta’s decision came as there were more than fake 39,000 website trying to trick its users. Jessica Romero, Meta’s Director of Platform Enforcement and Litigation, mentioned that these were ” impersonating the login pages of Facebook, Messenger, Instagram and WhatsApp”.
Romero also added that users “were prompted to enter their usernames and passwords” and the attackers collected them.
In order to prevent detection, the defendants used a relay service – Ngrok. Thus, they could redirect internet traffic to the phishing websites, according to the complaint. So, they could hide the identities of the hosting providers and the phishing sites’ locations.
Meta worked with the relay service
In order to stop this kind of attacks, Meta worked with the relay service that the attackers used. Thus, it managed to suspend thousands of landing pages that the attackers used.
Romero explained that “Meta blocks and shares phishing URLs,” so that other platforms can block them, too.
And these are not the first steps that Meta has taken. Facebook sued Namecheap (a domain name registrar) and its proxyserver Whosisguard, in March last year. They were “registering domain names that aim to deceive people, by pretending to be affiliated with Facebook apps”. Also, attackers used them “for phishing, fraud and scams.”
Previously, it sued OnlineNIC and its ID Shield privacy services. According to Facebook, it allowed the registration of lookalike domains which attackers used in malicious campaigns.
Moreover, last week the company announced it blocked the infrastructure of seven spyware-making companies. In order to do this, it blocked their infrastructure and also banned their accounts on its platform.
This might seem the bright side of Facebook, or at least what it tries to do, in order to repair its broken image.