Proofpoint Sues Facebook To Get Permission To Use Lookalike Domains For Phishing Tests

Cyber-security powerhouse Proofpoint has filed a lawsuit this week against Facebook in relation to the social network’s attempt to confiscate domain names the security firm was using for phishing awareness training. From a report: The case is a countersuit to a Facebook filing from November 30, 2020, when the social network used a UDRP (Uniform Domain-Name Dispute-Resolution) request to force domain name registrar Namecheap to hand over several domain names that were mimicking Facebook and Instagram brands. Among the listed domain names were the likes of facbook-login.com, facbook-login.net, instagrarn.ai, instagrarn.net, and instagrarn.org.

In court documents filed on Tuesday, Proofpoint said the UDRP should not apply to these domains, which it should be allowed to keep and continue using. Proofpoint argues that UDRP requests should only be used for domains registered in bad faith. The security firm instead says its use of the Facebook and Instagram lookalike domains “has been in good faith and for a legitimate purpose.” Proofpoint claims its phishing awareness tests are crucial for the security of its customers, but also for the security of Facebook itself, as the phishing awareness tests teach users to recognize Facebook and Instagram lookalike domains and phishing attacks — something that Facebook also benefits from, although indirectly.