Hard punch from Half against the age-old phenomenon of phishing. The newly formed holding of Zuckerberg has just filed a lawsuit against those responsible for the creation, from 2019 to today, of almost 40 thousand websites very similar to the famous Meta platforms (Facebook, Instagram, and so on), in an attempt to deceive the login credentials of the unfortunates. Phishing is a topic to which we have dedicated more than a few in-depth studies.
Phishing attacks – reads the blog post in which Meta communicates the start of the legal dispute – attract victims to a website that appears to be managed by a trusted entity, such as a bank, business or another. service. The website, however, is fake and its content, similar to that of the portal it attempts to replicate, is aimed at persuading the victim to enter sensitive information, such as a password or email address.
In two years and an “arsenal” of over 39,000 fake pages completely similar to the official ones, several users have fallen into the trap, ending up being robbed of access credentials to one or more services in Meta orbit. The criminals used a “tunnel”, Ngrok, to hide their identity and the places they operated from while directing users to dummy pages. Phishing attacks, Meta writes, increased in March 2021, when they intervened alongside Ngrok to block addresses used by criminals.
Colleagues from The Verge managed to get their hands on part of the legal process, discovering that Meta, in addition to referring the issue of phishing to the court, has copyright infringement also reported which derives from the use of registered trademarks – Facebook, Instagram, Messenger or WhatsApp – in an unauthorized way, as well as aimed at fraud. Those who have ended up “trapped”, we read, will tend to believe that they have been damaged by a Meta service, which, on the other hand, has no responsibility for the incident: hence the request for compensation.
We will continue to work with hosting services and vendors to identify and stop phishing attacks in the bud. We proactively block and report cases to the hosting and security community, domain traders, privacy providers, and others. Meta blocks and shares URLs used for phishing so that they can also be blocked by other platforms.