Meta, a parent company of Facebook, has filed a federal lawsuit in California court to disrupt phishing attacks against Facebook, Messenger, Instagram and WhatsApp users.
The malicious actors behind these attacks created more than 39,000 websites impersonating the login pages of Facebook, Messenger, Instagram and WhatsApp where visitors were prompted to enter their usernames and passwords that were then collected by the defendants.
According to Jessica Romero, Meta's Director of Platform Enforcement and Litigation, the attackers used a relay service, Ngrok, to redirect internet traffic to the phishing websites to conceal the true location of the phishing websites, and the identities of their online hosting providers and the defendants.
Meta said that the volume of these attacks has increased since March 2021, and it worked with the relay service to suspend thousands of URLs to the phishing websites.
“This lawsuit is one more step in our ongoing efforts to protect people’s safety and privacy, send a clear message to those trying to abuse our platform, and increase accountability of those who abuse technology. We will also continue to collaborate with online hosting and service providers to identify and disrupt phishing attacks as they occur,” Romero said.
Last week, Facebook announced it disrupted operations of seven “cyber mercenary” companies that created over 1,500 fake accounts used to target more than 50,000 people in over 100 countries. The list of exposed companies include Israel-based Cobwebs Technologies, Cognyte, Black Cube, and Bluehawk CI, an Indian outfit BellTroX, a North Macedonian company Cytrox, and an unknown entity operating out of China.