Meta (previously known as Facebook) and Chime (a financial technology and digital banking business) have filed a joint lawsuit against two Nigerians who allegedly impersonated Chime and targeted its customers in phishing attacks using Instagram and Facebook accounts. The accused persons, Arafat Eniola Arowokoko and Arowokoko Afeez Opeyemi, allegedly impersonated the fintech firm and attempted to take over consumers’ accounts via a network of at least five Facebook profiles and more than 800 Instagram accounts.
They used these accounts for attracting potential victims to Chime-branded phishing websites in order to steal Chime credentials (email and password) and take over the victims’ accounts. At chime62.godaddysites[.]com, a phishing website still exists, requiring users to provide their phone number, email, Social Security number, and Chime password. The scheme’s ultimate purpose was to take money from victims’ Chime accounts without their knowledge. Users were urged to submit their Chime usernames and passwords on these phishing websites to breach their Chime member accounts and withdraw cash.
“Since June 2020, Meta has taken multiple enforcement actions against Defendants for violating its Terms, including as recently as October 22, 2021,” as stated in the joint complaint Meta and Chime filed in the US District Court for the Northern District of California.
Meta banned phishing websites, and disabled fake accounts on Facebook and Instagram used to mimic Chime. It also issued cease-and-desist letters to the two defendants on July 9, informing them that their actions violated the platforms’ agreements and canceling their access to Facebook and Instagram. Defendants proceeded to construct additional Chime-impersonating accounts notwithstanding this. In total, Meta deactivated over 800 Facebook and Instagram accounts and prevented phishing websites related to Defendants and their scheme from being accessible on Facebook and Instagram between June 5, 2020 – October 22, 2021.
This complaint is part of a broader series of lawsuits filed by Meta against threat actors who misuse its platform and target its users for nefarious objectives. For example, Meta sued the operators of nearly 39,000 phishing sites that target Facebook, Messenger, Instagram, and WhatsApp users in December. In the same month, Meta reported that it had shut down seven spyware businesses’ activities by restricting their infrastructure on its platform, delivering cease-and-desist letters, and banning their accounts.