Don’t Let the Facebook Phishing Lawsuit Offer False Sense of Security

Every Internet user must be aware of the dangers of phishing attacks. These types of scams are escalating.


Facebook has recently taken action to help combat the growing problem of phishing. They filed a $2 million lawsuit against a number of fraudulent websites, as well as some domain hosts that gave them the opportunity to exploit their victims.

The lawsuit alleges that the domain hosts were either intentionally or unintentionally complicit in the scams. They are suing for a trademark infringement, because some of the fraudulent domains used terms including the word “Facebook.” These websites claimed to part of the Facebook brand and were asking users to update or download Facebook apps in an attempt to steal their information.

This is an important step in fighting the growing epidemic of phishing attacks. Unfortunately, it is probably barely going to make a dent in the problem, even if the lawsuit is successful. Therefore, people will need to continue taking protective measures to keep themselves safe from phishing scammers.

Phishing example

Example of phishing email

Internet users should not be lulled into a false sense of security over the Facebook lawsuit

Phishing is a major problem that cost Americans about $50 million in 2018. The Facebook lawsuit is an encouraging attempt to limit the damage of this worsening problem. However, there are a few reasons consumers can’t be too complacent. Some of the limitations and drawbacks of the Facebook lawsuit are listed below.

The lawsuit only applies to scammers caught infringing on trademarks

The only reason that Facebook has standing to file the lawsuit is that offending hackers illegally used their trademarks. They would not have any recourse otherwise. This means that there are still few remedies for victims of other types of phishing attacks.

Other organizations might not be able to follow suit

Facebook is able to file this lawsuit, because it has substantial amounts of money. However, many other organizations could not afford to file a similar lawsuit. If hackers used a phishing attack that impersonated a smaller business or nonprofit organization, then the other entities might not be able to afford to sue for trademark violations.

A lot of phishing attacks impersonate government organizations, such as law-enforcement agencies like the FBI. Government entities are not allowed to sue, so they will not be able to take the same measures. They would be able to file criminal lawsuits against individuals impersonating public officials. However, this remedy would only be reserved for the actual hackers. They would not be able to take the same measures against domain hosts, unless they could meet the very high standard needed to charge them with a crime. They would also need to be able to physically arrest the criminals, which may not be easy if they are in a country thousands of miles away.

The proposed remedies might not be possible

It is still too early to know how a court will find the defendants in the Facebook trademark lawsuit. There are a couple of possibilities:

  • The courts decide that the defendants, namely the domain hosts, are not liable for the illegal content of the phishing scammers that used their platforms. This which set a precedent that they would not be required to take action to combat phishing scams using their services.
  • The court rules in favor of Facebook. The domain hosts would be required to pay the $2 million in restitution and obligate them to take preventive measures to avoid similar issues in the future.

The second scenario would obviously be most favorable for people rooting against the scammers. However, the new measures that are called for might not be realistic. Domain hosts and email providers might not possibly be able to that every new account or website domain address that attempts to impersonate another organization. This would either lead to crippling administrative and legal costs that could shut down many essential online services or lead to the proposed remedies being voided.

Criminals might circumvent the president by using platforms outside of most jurisdictions

The only way that companies like Facebook would be able to take action against offending companies would be if they used domain hosts or email providers in countries where the lawsuits could be applied. However, some hackers would likely start using platforms in jurisdictions where they would be untouchable.


Leave a Reply

Your email address will not be published. Required fields are marked *