All Meta Apps Targeted In Phishing Scheme

Facebook,massenger,Instagram and whatsapp targeted

Technology
20. Dec 2021
202 views
All  Meta Apps Targeted In Phishing Scheme

More than 39,000 websites pretended to be the login pages for Facebook, Messenger, Instagram and WhatsApp to trick people into entering their usernames and passwords.


Meta, formerly known as Facebook, said Monday it's suing people who are behind a phishing scheme to steal usernames and passwords from its platforms.

The lawsuit, filed in a federal court in Northern California, says that since 2019 more than 39,000 websites have been created that impersonated the login pages for Facebook, Instagram, Messenger and WhatsApp. Meta doesn't know who is behind the attack but says it's part of an effort to trick its users into entering their usernames and passwords.

Get the CNET Home newsletter
Modernize your home with the latest news on smart home products and trends. Delivered Tuesdays and Thursdays.
The move underscores how the world's largest social network is trying to combat phishing, a practice in which attackers will create fake websites or emails to try to dupe people into providing their personal information.

"Reports of phishing attacks have been on the rise across the industry and we are taking this action to uncover the identities of the people behind the attack and stop their harmful conduct," Jessica Romero, Meta's director of platform and litigation, said in a blog post.

In July, the Anti-Phishing Working Group said it logged 260,642 phishing attacks, the highest monthly total in the group's reporting history. Phishing attacks have doubled from 2020, according to the group's report.

The unnamed defendants were able to conceal their identities by using services provided by the San Diego-based tech company Ngrok "to relay internet traffic to their phishing websites in a manner that obfuscated where their websites were hosted," the 21-page lawsuit says. The company alleges in the lawsuit that the defendants violated the social network's terms of service, California's Anti-Phishing Act and a federal law that prohibits trademark infringement.

Ngrok didn't immediately respond to a request for comment.

The lawsuit included screenshots of login pages that looked identical to the login pages for Facebook, Instagram, Messenger and WhatsApp but used Ngrok URLs. Some of the fake websites were in English and Italian. The lawsuit doesn't say how many people were tricked into handing over their personal information.

Comments

No comments has been added on this post

Add new comment

You must be logged in to add new comment. Log in