Facebook’s parent company Meta Platforms on Monday said it has filed a federal lawsuit in the U.S. state of California against bad actors who operated more than 39,000 phishing websites that impersonated its digital properties to mislead unsuspecting users into divulging their login credentials.
The social engineering scheme involved the creation of rogue webpages that masqueraded as the login pages of Facebook, Messenger, Instagram, and WhatsApp, on which victims were prompted to enter their usernames and passwords that were then harvested by the defendants. The tech giant is also seeking $500,000 from the anonymous actors.
The attacks were carried out using a relay service, Ngrok, that redirected internet traffic to the phishing websites in a manner that concealed the true location of the fraudulent infrastructure. Meta said the volume of these phishing attacks ramped up in volume since March 2021 and that it worked with the relay service to suspend thousands of URLs to the phishing websites.
“This lawsuit is one more step in our ongoing efforts to protect people’s safety and privacy, send a clear message to those trying to abuse our platform, and increase accountability of those who abuse technology,” Jessica Romero, Meta’s director of platform enforcement and litigation, said in a statement.
The litigation comes days after the social technology company announced it took steps to disrupt the activities of seven surveillance-for-hire outfits that created over 1,500 fake accounts on Facebook and Instagram to target 50,000 users located in over 100 countries. Last month, Meta said it had banned four malicious cyber groups for targeting journalists, humanitarian organizations, and anti-regime military forces in Afghanistan and Syria.