Facebook has announced it identified two groups that undermine users' safety and experience, and it is launching legal action against them for violating terms. In the first case, there is a group of advertisement scammers based in California who engaged in a “bait-and-switch” scheme on the social media platform. The second lawsuit targets four individuals from Vietnam who carried out “session theft” and “cookie theft” attacks to compromise the accounts of other Facebook users.
The marketing company facing the first lawsuit is "N&J USA Incorporated" and its agents Mohit Melwani and Vishaal Melwani. Facebook has identified them as fraudsters because they ran ads for merchandise, clothing, and toys but used URLs that redirected those who clicked on the ads to e-commerce sites that were basically clones. Any items purchases through these sites were never shipped to the customer, or people received something of lesser quality than what they were made to believe they’re buying.
When user complaints piled up on the relevant Facebook page, the scammers blocked the users and concealed their negative reviews. Moreover, they opened up multiple new “Pages” to rinse and repeat, continuing to scam other users while pretending to be legitimate sellers of a variety of well-priced goods.
In the second case, we have four Vietnamese users, namely Thêm Hữu Nguyễn, Lê Khang, Nguyễn Quốc Bảo, and Pham Hữu Dung’, who targeted the accounts of employees of advertising and marketing agencies to run ads through them. The trick employed by the hackers was to convince the owners of these accounts to install a malware app from the Play Store (has been removed), named “Ad Manager for Facebook.” The app was a phishing tool that did nothing more than stealing the account credentials and send them to the actors.
In total, the four defendants run over $36 million in unauthorized ads, which is financial damage incurred to Facebook as the platform covered the losses for the victims. Of course, the loss of potential revenue for the time these advertisers got locked out of their accounts, as well as the large number of people who must have been tricked by these ads on Facebook, cannot be estimated and reimbursed. For this reason, the group of four hackers will now face legal action for what they did.