article featured image


Facebook is suing the suspects that took over the advertising agency employees’ accounts and managed to abuse the ad platform in order to run unauthorized or deceptive ads.

Facebook is believing that four Vietnamese nationals (Thêm Hữu Nguyễn, Lê Khang, Nguyễn Quốc Bảo, and Pham Hữu Dung) are the ones that managed to take over the accounts of multiple employees working at marketing and advertising agencies by putting to use a technique known as session theft or cookie theft.

The suit seeks to expose the full conduct of Thêm Hữu Nguyễn, Lê Khang, Nguyễn Quốc Bảo and Pham Hữu Dung’s and hold them accountable for creating the app, tricking people into installing it, compromising people’s Facebook accounts and then using those accounts to run deceptive ads. This is our second lawsuit against an account takeover attack.

Today’s legal actions demonstrate our ongoing commitment to protecting users, enforcing our policies and holding people accountable for abusing our services.


How Did the Attackers Manage to Steal the Sensitive Data?

The Facebook login credentials belonging to the victims were stolen using a malicious Android app called “Ads Manager for Facebook”, which was created by the perpetrators and is no longer available on Google Play Store.



The app worked by prompting the targets to enter their credentials and other sensitive information, in this way making room for the suspects to take over the accounts and run over $36 million worth of Facebook ads without authorization.

Facebook decided to refund the victims and also help them secure their accounts. The social network is looking to hold the attackers:

This is not the only lawsuit that Facebook is filing as the company is also going against the California marketing company N&J USA Incorporated for running a bait-and-switch advertising scheme on Facebook’s ad platform.

When someone clicked on one of these ads, they were redirected to third-party e-commerce websites to complete their purchase. After paying for an item, users either never received anything or received merchandise that was different or of a lesser quality than what had been advertised.


The social network giant has sued its ad platform abusers before, as back in 2019, Facebook sued one entity and two individuals for tricking its users into installing malware designed to help the attackers take over targets’ Facebook accounts for running ads promoting counterfeit goods and diet pills, via Facebook ads.

As part of our ongoing efforts to keep people safe and combat abuse of our ad platform, Facebook filed suit in California today against one entity and two individuals for violating our Terms and Advertising Policies. The defendants deceived people into installing malware available on the internet. This malware then enabled the defendants to compromise people’s Facebook accounts and run deceptive ads promoting items such as counterfeit goods and diet pills.


In March 2020, Facebook filed a lawsuit against the domain name registrar Namecheap and its Whoisguard proxy service for registering domain names that were aiming to deceive people by pretending to be affiliated with Facebook apps and were frequently used for phishing, fraud, and scams.

Another lawsuit worth mentioning was filed in October 2019 against domain name registrar OnlineNIC and its ID Shield privacy service for allowing the registration of lookalike domains used in malicious campaigns.

Author Profile

Dora Tudor

Cyber Security Enthusiast

linkedin icon

Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.