It’s nothing short of a privilege that we live in a world where different interests can coexist rather productively. This delivers an equal chance to everyone in regards to fulfilling individual pursuits. However, the catch here would be our ability to impact other people’s interests. Now, one might argue this is not really a catch, as we can use the ability to help others, which we do on numerous occasions, but the cookie can crumble the other way too. There is enough evidence of a certain human tendency that encourages us to place our wants and needs over everything else. The emerging repercussions from such a move, in turn, have made their own case of being devastating beyond every expectation. Hence, in order to mitigate these scenarios, we integrated regulatory bodies within the world’s fabric, and it has proven to be as helpful as you would expect. The said dynamic, of course, change significantly upon technology’s arrival. Suddenly, our regulatory framework looked loaded with loopholes, and the latest victim in their wake happens to be social media giant, Meta.
Meta has officially filed a lawsuit against the cybercriminals, who put-together phishing efforts involving the creation of over 39,000 websites that posed as the login pages from Facebook, Messenger, Instagram, and WhatsApp. According to some reports, the cybercriminals in question used a relay service, Ngrok, for fetching internet traffic to their meticulously created phishing platforms. Once the user would play into the bait, the rest was all about getting them to fill in their login credentials. If the available information is to be believed, this phishing campaign has been active all the way since 2019. However, the attacks really multiplied in March 2021, prompting Meta to take stringent action.
“By creating and disseminating URLs for the Phishing Websites, Defendants falsely represented themselves to be Facebook, Messenger, Instagram, or WhatsApp, without Plaintiffs’ authorization,” Meta’s complaint stated. “Plaintiffs were adversely affected by Defendants’ phishing scheme and suffered, without limitation, damage to their brands and reputations, harm to their users.”
Following a serious uptick in the phishing activity, Meta contacted Ngrok, and with the service provider’s cooperation, the company was able to suspend URLs used by the attackers. Apart from phishing attacks, Meta’s complaint also touches on copyright infringement, which we saw happen quite brazenly when threat actors used the company’s trademarked logos and names to mislead users.
Social media platforms’ fight against cybersecurity has been going on for a while now. In 2019, as a way of curbing the security risk, Instagram introduced a tool that lets you verify all official emails from the company. Many similar measures were taken by other major platforms, and yet there is still a long way to go before we see a resolution.