Bad actors allegedly created over 39,000 phony login pages as part of a phishing scheme
Meta is taking legal action against the bad actors who allegedly impersonated Facebook, Messenger, WhatsApp, and Instagram to conduct a phishing scam. The company claims that since 2019, the defendants created over 39,000 websites in an attempt to replicate Meta’s services, subsequently deceiving users and collecting their login information.
In a post on its blog, Meta explains that the defendants used a relay service, Ngrok, to send internet traffic to the phony login pages they created, all while concealing their identity and location. Those who clicked the phishing link were brought to a login page that resembled Facebook, Instagram, Messenger, or WhatsApp. When a user attempted to log in, the defendants would collect the victim’s username and password.
Meta noticed that these attacks started ramping up in March of this year and worked with Ngrok to suspend the URLs that the bad actors were using. A copy of the legal complaint obtained by The Verge shows that Meta’s lawsuit doesn’t just concern phishing attacks — it also raises an issue with copyright infringement. The defendants allegedly used the company’s trademarked logos and names on their fake login pages to mislead users.
“By creating and disseminating URLs for the Phishing Websites, Defendants falsely represented themselves to be Facebook, Messenger, Instagram, or WhatsApp, without Plaintiffs’ authorization,” the complaint reads. “Plaintiffs were adversely affected by Defendants’ phishing scheme and suffered, without limitation, damage to their brands and reputations, harm to their users.”
In 2019, Instagram introduced a tool to help combat phishing attacks, which lets you verify that the emails you receive are actually from Instagram. Meta’s brands aren’t the only high-profile companies affected by these scams — in October, Google reported a large-scale phishing campaign that attempted to steal creators’ login cookies on YouTube, gaining access to their username and password as a result.
“We proactively block and report instances of abuse to the hosting and security community, domain name registrars, privacy/proxy services, and others,” wrote Jessica Romero, Meta’s director of platform enforcement and litigation, in the company’s blog post. “And Meta blocks and shares phishing URLs so other platforms can also block them.”