Facebook: Combating E-Commerce Scams and Account Takeover Attacks

Home » blog » Facebook: Combating E-Commerce Scams and Account Takeover Attacks
Facebook: Combating E-Commerce Scams and Account Takeover Attacks

As part of our ongoing efforts to keep people safe and combat abuse of our ad platform, we filed two separate legal actions today against the perpetrators of online scams who violated our Terms and Advertising Policies.   

In the first case, the defendants are a California marketing company and its agents responsible for a bait-and-switch advertising scheme on Facebook. In the second case, the defendants are a group of individuals located in Vietnam who got users to self-compromise their Facebook accounts and ran millions of dollars of unauthorized ads. 

Combating Ad Scams

Our first lawsuit is against N&J USA Incorporated, Mohit Melwani, and Vishaal Melwani, who ran deceptive ads on Facebook that promoted the sale of merchandise such as clothing, watches and toys. When someone clicked on one of these ads, they were redirected to third-party e-commerce websites to complete their purchase. After paying for an item, users either never received anything or received merchandise that was different or of a lesser quality than what had been advertised. 

In an effort to conceal their bait-and-switch scheme on Facebook, the defendants blocked and concealed user complaints and negative reviews on their Facebook Pages. Facebook previously disabled several of the defendants’ accounts and Pages. This action is one of Facebook’s first lawsuits against this type of bait-and-switch scheme and builds on our prior actions against e-commerce abuse.

Disrupting Account Takeover Attacks

The second suit is against four individuals residing in Vietnam, who used a technique known as “session theft” or “cookie theft” to compromise accounts of employees of advertising and marketing agencies and then ran unauthorized ads. The defendants misled the victims into self-compromising their accounts by installing a mobile app from the Google Play Store deceptively called “Ad Manager for Facebook.” This app, which has since been removed from the Play store, was created by the defendants and prompted users to share their Facebook login credentials and other information, which was then used to access their Facebook accounts and run ads. In some cases, these ads also promoted online scams. The group ran over $36 million in unauthorized ads. In this case, Facebook refunded the victims and helped them secure their accounts.

The suit seeks to expose the full conduct of Thêm Hữu Nguyễn, Lê Khang, Nguyễn Quốc Bảo and Pham Hữu Dung’s and hold them accountable for creating the app, tricking people into installing it, compromising people’s Facebook accounts and then using those accounts to run deceptive ads. This is our second lawsuit against an account takeover attack.

Today’s legal actions demonstrate our ongoing commitment to protecting users, enforcing our policies and holding people accountable for abusing our services.