Cyber security firm Proofpoint has filed a lawsuit against Facebook and Instagram in an effort to slow the two companies down. Facebook and Instagram are seizing domain names relevant to Proofpoint, which they use for security testing and training.
Counter-suit in response
Proofpoint’s lawsuit is in response to Facebook’s request last November, according to a countersuit. The social networks filed a Uniform Domain-Name Dispute-Resolution (UDRP) motion, which is designed to get domain name registrar Namecheap to hand over domain names. The domain names are those that are similar to both the Instagram and Facebook brands. Among them are names such as acbook-login.com, facbook-login.net, instagrarn.ai, instagrarn.net and instagrarn.org. However, according to Proofpoint’s reasoning, the filed UDRP requests should only be applied to domain names registered with malicious intent. According to the cyber security company, they are using the domains for a legitimate purpose and also only in good faith.
Proofpoint’s phishing awareness tests are critical to the security of customers, as well as Facebook itself, according to the company. These teach users to recognize attacks. The lookalike domains are important for this. Most importantly, Proofpoint also emphasizes that there is no criminal intent behind their use; these are not weapons, nor do they inflict harm on users. If users click on a link within Proofpoint’s phishing tests, they are informed. No information, for example, about Facebook or Instagram account details, is collected in the process. Thus, the user does not bear any harm. In addition, should users access one of the lookalike domains directly, they are warned that they are not on the official Facebook or Instagram site. Proofpoint also clearly states on its pages, “Hello! This website belongs to Proofpoint Security Awareness Training. This domain is used to teach employees how to recognize and avoid phishing attacks”. That way, consumers are informed and there is no confusion. The cybersecurity company now wants a court to confirm that Proofpoint’s domain name used is “in connection with a bona fide offering of goods or services.” This would confirm that the lookalike domains cannot be the subject of a UDRP seizure request.
Facebook’s legal department is active
In 2020, Facebook’s legal department has been busy. The social network actively filed several lawsuits against the developers of rogue browser extensions and Facebook apps, which had unauthorizedly collected Facebook users’ data. Among them was a lawsuit against Namecheap. This was intended to expose cybercrime groups that had registered precisely lookalike domains from Facebook. This is probably the reason for the applications against the domains used by Proofpoint. The outcome is still uncertain.
