After the counterintelligence work denounced in a recent survey dedicated to surveillance companies who used its tools to target over 50,000 people including journalists, politicians and activists, Meta has decided to take stock of phishing as well.
Zuckerberg’s group has launched a massive legal action against a large number of scammers who have set up more than 39,000 malicious sites since 2019, sort of fake-Facebook, in order to reproduce graphics, logos and accesses of the services of the colossus and thus steal information and sensitive data from people.
The numbers of the phenomenon
Fake Green Passes on Telegram: scammers grew by 257% in 5 months
by Emanuele Capone
It didn’t just happen on Facebook, but also with Messenger, WhatsApp and Instagram. They are called Phishing Scam, that is, operations which, using various connection channels, then try to defraud victims, convincing them to provide personal information, financial data or access codes, posing as reliable entities in the digital world, banking or any sector. In this case, disguising himself as Facebook or one of its products and services, in a large-scale theft of username and password.
In a official blog post, Meta explained that most of the time people and companies reported have used a relay service, that is a forwarding service known as Ngrok, to divert Internet traffic to fake homepages or login pages built ad hoc, all obviously hiding their location and identity . Who, for example from an email or a text message, he clicked on the offending link (despite repeated requests not to do so), ended up on a login page that largely resembled those on Facebook, Instagram, Messenger, or WhatsApp. When the user tried to enter, as happens in the most classic of online frauds, he was handing over his access data to who knows what criminal databases.
According to Meta, this kind of operation has seen an increase since March 2021. So the group has collaborated with Ngrok to disable the URLs that hackers and criminals used to trick people. As explained by The Verge, Meta’s quote isn’t limited to phishing operations, but it also moves against copyright infringement, because scammers have obviously used registered logos, names and graphics to make them more similar to authentic ones and push users to use fake login forms.
“By creating and disseminating urls for phishing sites, the aforementioned organizations falsely presented themselves as Facebook, Messenger, Instagram or WhatsApp, without the permission of the plaintiffs – the complaint reads – The plaintiffs were negatively affected by the defendants’ phishing scheme and suffered, without limitation, damage to their brands and reputation and damage to their users “. Meta explained that it is already working to proactively block and report “cases of abuse to the hosting and security community, domain name registries, privacy / proxy services and others – such as said Jessica Romero, responsible for the disputes and app control – Meta blocks and shares phishing urls so other platforms can stop them as well. “
Forecasts
Cybercrime and the ugly 2022 that awaits us
by Arturo Di Corinto
These are obviously widespread and long-term scams, which mainly involve the big names in technology or finance: just last October, for example, Google had reported a phishing campaign aimed at stealing YouTube access data.
.