Social media giant, Facebook, edges its crackdown against sites that sell hacking tools and phishing kits that can be used to target the platform. This time, Facebook is taking the domain hosts where these sites are registered to court for copyright infringement and allegations of cybersquatting.
Facebook filed a lawsuit against web hosts OnlineNIC and ID Shield, where sites like “HackingFacebook.net” and “iiinstagram.com” are registered. The lawsuit was filed Monday in the US District Court of the Northern District of California. The San Francisco-based tech giant ‘s lawsuit alleges that the said web hosts committed trademark violations and cybersquatting laws.
The web hosts are where the sites, as mentioned earlier, are registered. According to the lawsuit, these sites have been selling and offering hacking tools and phishing campaigns against Facebook users. Facebook said in the court documents that the tech giant has already sent multiple requests for the hosts to take down the infamous sites, explaining that the said website that the defendants are hosting are violating the company’s intellectual property rights. Facebook said it sent at least five notices to ID Shield to disclose the owners behind websites like “facebook-login.com.”
The court document reveals that both defendants are hosting at least 20 problematic websites. “OnlineNIC and ID Shield registered, used, or trafficked in at least 20 domain names that are identical or confusingly similar to the Facebook Trademarks and the Instagram Trademarks,” reads the court document.
The domains cited by Facebook in the court filing includes:
The sites are allegedly used for phishing campaigns against Facebook users
Facebook alleges these sites that are hosted by the two defendants are designed to mimic the login pages of both Facebook and Instagram in order to trick users into keying in their login information such as emails, usernames, and passwords. In other words, these sites are basically just phishing landing pages for hackers to scrape off login information, which they can use in other sophisticated attacks like credential stuffing and identity fraud.
For example, one of the sites listed by the company in the lawsuit with the domain name “m-facebook-login.com,” is designed to look exactly like the Facebook login page.
As one of the most popular social media platforms, Facebook said that it holds the responsibility to “protect the integrity” of its services.
“People count on us to protect the integrity of our apps and services,” a Facebook spokesperson said in a statement. “We don’t tolerate people creating web addresses that pretend to be associated with our family of apps. Today’s lawsuit shows we will take action against those behind this abuse.”
As part of the lawsuit, Facebook is asking the court for them to be paid by the defendants $100,000 for damages for each domain name, totaling to at least $2 million for all the 20 websites it tagged in the lawsuit.
As of writing, OnlineNIC and ID Shield are yet respond to requests for comment.