Meta, formerly Facebook, has filed a federal lawsuit in a California court to disrupt phishing attacks, according to a company statement.
Meta Files Lawsuit Against Phishing
The purpose of the lawsuit is to fight phishing attacks that aim to obtain users’ login credentials via fake login pages for Facebook, Messenger, Instagram and WhatsApp, all owned by Meta. Phishing is a continuously evolving online threat and part of the family of social engineering tricks.
“Reports of phishing attacks have been on the rise across the industry and we are taking this action to uncover the identities of the people behind the attack and stop their harmful conduct,” Meta said in the statement. The company is aware of a phishing scheme consisting of more than 39,000 websites attempting to impersonate the login pages of the above-mentioned products. The pages were created for the sole purpose of prompting users to share their usernames and passwords, which the Defendants collected.
“As part of the attacks, Defendants used a relay service to redirect internet traffic to the phishing websites in a way that obscured their attack infrastructure. This enabled them to conceal the true location of the phishing websites, and the identities of their online hosting providers and the defendants. Starting in March 2021, when the volume of these attacks increased, we worked with the relay service to suspend thousands of URLs to the phishing websites,” Meta said.
It is noteworthy that this is the first lawsuit filed against phishing site operators, not against one particular phishing group. The lawsuit is filed against all phishers that rely on a specific scheme, which in this case is using Ngrok as a relay system to temporarily host phishing sites.
What do experts think about the lawsuit? According to Crane Hassold, Director of Threat Intelligence at Abnormal Security, this lawsuit won’t achieve anything but will create a legal precedent. “We’ve seen other large companies in the past, like Microsoft, use civil lawsuits to try and mitigate phishing threats, but those efforts were usually aimed at the infrastructure hosting phishing sites, rather than targeting anonymous actors like we’re seeing in this Facebook lawsuit,” the expert added in an email shared with The Record.
Meta Adds Scraping to Its Bug Bounty Program
Earlier this week, Meta made another effort to improve its security by adding scraping attacks to its bug bounty program. Scraping is an issue that Facebook has struggled with in the past. Because of this, the company added two areas of research to its Bug Bounty and Data Bounty programs: scraping bugs and scraped databases.
In 2020, security researchers came across a phishing campaign that targeted 450,000 Messenger accounts.