• On Wednesday, 19th February between 10:00 and 11:00 UTC, the forum will go down for maintenance. Read More

Facebook is suing several Vietnamese residents for $36 million over a fake “ad manager” Android application

RealDaddy

Repeatedly violating rules
Joined
Jun 30, 2018
Messages
9,017
Reaction score
11,292
Facebook Tuesday sued four Vietnamese residents who allegedly perpetrated a $36 million ad fraud scheme that involved taking control of the accounts of users who worked at advertising and marketing agencies.

“Defendants misused cookies to take control of the accounts, a technique known as 'session or cookie theft,' and targeted employees of advertising and marketing agencies, which had access to large corporate ad accounts,” Facebook wrote in a complaint filed in U.S. District Court in Oakland, California.

The company says the defendants -- Them Nguyen, Le Khang, Nguyen Quoc Bao, and Pham Huu Dung -- duped users into installing an app called “Ad Manager for Facebook” from Google Play store.

That app, which wasn't affiliated with Facebook, obtained the users' logins and passwords, which enabled the defendants to access the users' Facebook accounts and run ads without their knowledge.

The fake "ad manager" app was installed more than 10,000 times between December of 2020, when it appeared on the Play store, and last month, according to Facebook's complaint.

Google removed the app last month, according to Facebook's court filing.

Facebook also says that on Friday, it disabled Facebook and Instagram accounts created or controlled by the defendants. Before Facebook moved to block the defendants, they allegedly ran at least $36 million of unauthorized ads, including for products one of them sold through his own e-commerce site.

Specifically, Facebook alleges that Nguyen “used cookie theft to obtain access to Facebook accounts and run ads for some of his own e-commerce sites that sold t-shirts, mugs, and other merchandise.”

The defendants not only ran approximately 10,000 ads on Facebook and Instagram but also “offered compromised accounts for rent to other Facebook users,” according to the complaint.

For instance, in March the defendant Dung Ma allegedly “offered users in Vietnam the ability to rent access to compromised accounts to promote products through live video ads.”

The company claims the men violated Facebook's terms of service, as well as California and federal anti-hacking laws. Facebook is seeking monetary damages of at least $36 million, and a court order prohibiting the defendants from accessing the site.

Facebook also brought a second lawsuit Tuesday against N&J USA Incorporated and two individuals -- Mohit Melwani, and Vishaal Melwani -- over an alleged bait-and-switch scheme.

The social-networking platform alleges in that matter that N&J USA and the others ran ads on Facebook that promoted clothing, watches, and toys sold on third-party websites, but that users who made purchases either didn't receive anything or received inferior products.

“In an effort to conceal their bait-and-switch scheme on Facebook, the defendants blocked and concealed user complaints and negative reviews on their Facebook Pages,” Jessica Romero, director of platform enforcement and litigation at Facebook, https://about.fb.com/news/2021/06/combating-e-commerce-scams-and-account-takeover-attacks/.

She added that Facebook previously disabled some of the accounts and pages associated with that scheme.
(https://www.mediapost.com/publications/article/364677/facebook-sues-over-36-million-ad-fraud-scheme-ta.html)
 
In Dec 2020 : The Federal Trade Commission sued Facebook, alleging that the company is illegally maintaining its personal social networking monopoly through a years-long course of anticompetitive conduct.
In Feb 2021 : Facebook sued for 'deceptive practices' over disinformation on platform
In Feb 2021 : Facebook sued for 'losing control' of users’ data
In Apr 2021 : Facebook Sued for Failing to Police Anti-Muslim Hate Speech
 
Poor old zucchini or however you spell his name
 
Shouldnt part of this be falling on googles head for allowing such an obvious fake app onto the play store in the first place. I've added apps to the play store, there is a human review process alongside an automated one.
 
36mil in fraudulent ad spend. imagine 5x roas. 180 million revenue.

wonder exactly how it was traced back to them. would imagine they had some opsec going on. with 180 mil in vietnam they must have been flexing hard with it.
 
theres an updated article saying FB found a california-based e-commerce company to put the blame on

curious to see whats going to end up with those 4 people in vietnam.

fb has a history of lawsuits. 2019 they filed one against namecheap and whoisguard. black hatters were registering names like "faceb00k-login.com" for phishing. FB demanded namecheap expose who did it and not allow that stuff to go on. namecheap said they cant expose whois privacy. FB said cya in court. the courts dismissed the case.
 
Back
Top