Frame-14

Privacy Ninja

        • DATA PROTECTION

        • Email Spoofing Prevention
        • Check if your organization email is vulnerable to hackers and put a stop to it. Receive your free test today!
        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • AntiHACK Phone
        • Boost your smartphone’s security with enterprise-level encryption, designed by digital forensics and counterintelligence experts, guaranteeing absolute privacy for you and up to 31 others, plus a guest user, through exclusive access.

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$3,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Secure your digital frontiers with our API penetration testing service, meticulously designed to identify and fortify vulnerabilities, ensuring robust protection against cyber threats.

        • Network Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Mobile Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Web Penetration Testing
        • Fortify your web presence with our specialized web penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats.

        • RAPID DIGITALISATION

        • OTHERS

Facebook Sues Hackers Who Hijacked Advertising Agencies’ Accounts

Facebook Sues Hackers Who Hijacked Advertising Agencies’ Accounts

Facebook has filed lawsuits against two groups of suspects who took over advertising agency employees’ accounts and abused its ad platform to run unauthorized or deceptive ads.

The social network says that four Vietnamese nationals (Thêm Hữu Nguyễn, Lê Khang, Nguyễn Quốc Bảo, and Pham Hữu Dung) took over the Facebook accounts of multiple employees working at marketing and advertising agencies using a technique known as session theft (aka cookie theft).

Their victims’ Facebook login credentials were stolen using a malicious Android app named “Ad Manager for Facebook” created by the defendants and no longer available on the Google Play Store.

The app prompted the targets to enter their credentials and other sensitive information, later used by the suspects to take over their accounts and run over $36 million worth of Facebook ads without authorization.

Facebook refunded and helped the victims secure their accounts and is seeking to hold the attackers “accountable for creating the app, tricking people into installing it, compromising people’s Facebook accounts and then using those accounts to run deceptive ads.”

The company also sued California marketing company N&J USA Incorporated and its agents for running a bait-and-switch advertising scheme on Facebook’s ad platform.

“When someone clicked on one of these ads, they were redirected to third-party e-commerce websites to complete their purchase,” said Jessica Romero, Director of Platform Enforcement and Litigation.

“After paying for an item, users either never received anything or received merchandise that was different or of a lesser quality than what had been advertised.”

Also Read: Got Hacked? Here Are 5 Ways to Handle Data Breaches

Facebook fights platform abusers in court

This is the second time the social network giant has sued ad platform abusers for orchestrating account takeover attacks targeting Facebook accounts.

In 2019, Facebook sued one entity and two individuals for tricking its users into installing malware via Facebook ads.

The malware was designed to help the attackers take over targets’ Facebook accounts for running ads promoting counterfeit goods and diet pills.

These legal actions are part of a long series of instances where Facebook sued individuals and entities who abused the company’s platforms and services.

Notably, in March 2020, Facebook sued domain name registrar Namecheap and its Whoisguard proxy service “for registering domain names that aim to deceive people by pretending to be affiliated with Facebook apps,” frequently being used “for phishing, fraud and scams.”

In October 2019, Facebook filed another lawsuit against domain name registrar OnlineNIC and its ID Shield privacy service for allowing the registration of lookalike domains used in malicious campaigns.

Also Read: Compliance Course Singapore: Spotlight on the 3 Offerings

The same month, Facebook also sued Israeli cyber-surveillance firm NSO Group and Q Cyber Technologies, its parent company, for creating and selling a WhatsApp zero-day exploit used to attack high-profile targets, including government officials, diplomats, and journalists.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us