Meta fights branded phishing scams
Meta fights branded phishing scams

Meta Corporation is taking legal action against suspected bad guys who claim to be WhatsApp, Facebook, Messenger and Instagram for conducting phishing scams.

The company claims that the defendant has created more than 39,000 websites since 2019 to duplicate Meta services. To deceive users and collect credentials.

The company stated that the defendants used the Ngrok service to send internet traffic to a fake login page they had created while concealing their identities and location.

If you click on the phishing link, you will be redirected to a login page similar to WhatsApp, Facebook, Messenger or Instagram.

When the user attempted to log in, the defendant collected the victim's username and password.

The company indicated that these attacks began to escalate in March of this year. I worked with Ngrok to block urls used by bad actors.

A copy of the lawsuit showed that Meta's lawsuit contained a phishing attack and also caused copyright infringement issues.

The defendant was suspected of misleading users by using the company logo and brand name on a fake login page.

The lawsuit alleges that by creating and posting a phishing website URL without the plaintiff's consent, the defendant incorrectly identified himself as WhatsApp, Facebook, Messenger or Instagram. The plaintiff was compromised by the defendant’s phishing scheme, his brand and reputation were damaged, and users were harmed.

Metaloc and phishing sharing url

In 2019, Instagram launched a phishing attack tool that allows you to verify that the email you receive from Instagram.

The Meta brand isn't the only known brand affected by these scams. In October, Google reported an extensive phishing campaign.

Google said the campaign attempted to steal login cookies from YouTube creators. This leads to access to the username and password.

We proactively block and report abuse to host communities, security, domain name registrants, privacy services and more. The company blocks and shares phishing URLs so other platforms can block them as well.

Previous Post Next Post