The company that owns some of the world’s most popular social media platforms is alerting users of a scam targeting billions.
Meta, formerly known as Facebook, is the parent company of Instagram, WhatsApp, Facebook and Messenger.
The firm filed a lawsuit in the US state of California on Monday aimed at stopping the attacks by fraudsters.
According to Meta, the phishing attacks are designed to deceive people into sharing their login details on fake login pages on the social media and messaging sites.
“Phishing is a significant threat to millions of Internet users” and such attacks “lure victims to a website that appears to be operated by a trusted entity, such as a bank, a merchant, or other service,” the company explained in a statement.
“The website, however, is a deception, a fake, and the site’s fake content is designed to persuade a victim to enter sensitive information, like a password or email address.
(Image: DPA/PA Images)
“Reports of phishing attacks have been on the rise across the industry and we are taking this action to uncover the identities of the people behind the attack and stop their harmful conduct.”
Meta says that the scam attempts targeting its platforms involved the creation of more than 39,000 websites impersonating the login pages of Facebook, Messenger, Instagram and WhatsApp.
On these websites, people were prompted to enter their usernames and passwords, which the fraudsters collected.
It explains: “As part of the attacks, Defendants used a relay service to redirect internet traffic to the phishing websites in a way that obscured their attack infrastructure.
“This enabled them to conceal the true location of the phishing websites, and the identities of their online hosting providers and the defendants.
“Starting in March 2021, when the volume of these attacks increased, we worked with the relay service to suspend thousands of URLs to the phishing websites.”
Meta says the lawsuit is another step in its efforts to protect people’s safety and privacy and to “send a clear message to those trying to abuse our platform and increase accountability of those who abuse technology”.
“We will also continue to collaborate with online hosting and service providers to identify and disrupt phishing attacks as they occur,” Mera added.
“We proactively block and report instances of abuse to the hosting and security community, domain name registrars, privacy/proxy services, and others. And Meta blocks and shares phishing URLs so other platforms can also block them.”