Meta files lawsuit against over 39,000 websites to disrupt phishing attacks designed to steal login credentials of its users
Dec 21, 2021, 11:14 IST
Meta (formerly Facebook) has filed a federal lawsuit in California court in the US to disrupt phishing attacks designed to deceive people into sharing their login credentials on fake login pages for Facebook, Messenger, Instagram and WhatsApp.
This phishing scheme involved the creation of more than 39,000 websites impersonating the login pages of Facebook, Messenger, Instagram and WhatsApp.
On these websites, people were prompted to enter their usernames and passwords, which Defendants collected.
Phishing is a significant threat to millions of Internet users. These attacks lure victims to a website that appears to be operated by a trusted entity, such as a bank, a merchant, or other service.
The website, however, is a deception, a fake, and the site's fake content is designed to persuade a victim to enter sensitive information, like a password or email address.
"Reports of phishing attacks have been on the rise across the industry and we are taking this action to uncover the identities of the people behind the attack and stop their harmful conduct," Meta said in a statement late on Monday.
As part of the attacks, Defendants used a relay service to redirect internet traffic to the phishing websites in a way that obscured their attack infrastructure.
This enabled them to conceal the true location of the phishing websites, and the identities of their online hosting providers and the defendants.
"Starting in March 2021, when the volume of these attacks increased, we worked with the relay service to suspend thousands of URLs to the phishing websites," said Meta.
SEE ALSO:
Upcoming WhatsApp features: New admin controls, shortcuts for quick replies, message reactions and more
James Webb telescope: How to watch NASA’s largest and most powerful space science telescope launch on Dec 24
Advertisement
This phishing scheme involved the creation of more than 39,000 websites impersonating the login pages of Facebook, Messenger, Instagram and WhatsApp.
On these websites, people were prompted to enter their usernames and passwords, which Defendants collected.
Phishing is a significant threat to millions of Internet users. These attacks lure victims to a website that appears to be operated by a trusted entity, such as a bank, a merchant, or other service.
The website, however, is a deception, a fake, and the site's fake content is designed to persuade a victim to enter sensitive information, like a password or email address.
Advertisement
As part of the attacks, Defendants used a relay service to redirect internet traffic to the phishing websites in a way that obscured their attack infrastructure.
This enabled them to conceal the true location of the phishing websites, and the identities of their online hosting providers and the defendants.
"Starting in March 2021, when the volume of these attacks increased, we worked with the relay service to suspend thousands of URLs to the phishing websites," said Meta.
SEE ALSO:
Upcoming WhatsApp features: New admin controls, shortcuts for quick replies, message reactions and more
James Webb telescope: How to watch NASA’s largest and most powerful space science telescope launch on Dec 24
Advertisement