Proofpoint drops lawsuit, transfers phishing domains to Facebook

Cyber-security firm Proofpoint has dismissed its lawsuit against Facebook and has agreed to transfer a series of disputed web domains to the social networking giant, The Record has learned today.

The domains were previously part of ProofPoint's phishing awareness training platform ThreatSim.

Registered years before and mimicking Facebook and Instagram brands, Proofpoint had been using the domains as part of phishing tests it conducted against its customers' employees.

In November 2020, Facebook learned of these domains and filed a UDRP (Uniform Domain-Name Dispute-Resolution) request in order to force domain name registrar Namecheap to hand over the domains into Facebook's possession, arguing that the domains were infringing on its trademarked brands.

This included requests for facbook-login.com, facbook-login.net, instagrarn.ai, instagrarn.net, and instagrarn.org, among others.

In February 2021, Proofpoint filed a countersuit arguing that it should be allowed to keep using the domains, as they were not registered in bad faith and were being used in a non-malicious manner.

As legal experts pointed at the time, Proofpoint had very small chances of success as this was a clear case of trademark infringement.

While a motion to dismiss the case was filed last week, The Record learned that the matter had been actually settled since June when Proofpoint began privately emailing its customers to notify them about the domain ownership change.

Both Facebook and Proofpoint declined to comment on the matter, citing the ongoing legal case.