Meta is trying to find the people who created more than 39,000 phishing sites

The company filed a lawsuit in California to uncover the identities of those behind the attacks.

Carlos Barria / reuters

Meta is taking legal action to disrupt a large-scale phishing campaign. On Monday, the company filed a federal lawsuit to “uncover the identities” of a group of people that created more than 39,000 websites designed to trick Facebook, Instagram and WhatsApp users into coughing up their login credentials.

The company says the scammers used relay service Ngrok to redirect people to their websites in a way that allowed them to hide their actions. “This enabled them to conceal the true location of the phishing websites, and the identities of their online hosting providers and the defendants,” Meta said. Starting this past March, the company began working with the relay service to suspend “thousands” of URLs linked to the campaign.

This isn’t the first time has used the threat of legal action to try and stop a phishing campaign. In 2019 and 2020, the company filed lawsuits against OnlineNIC and Namecheap, two domain name registrars that had allowed cybersquatters to claim domains like and However, the scale of this campaign would appear to dwarf the ones OnlineNIC and Namecheap enabled. When Meta sued the latter company in 2020, it said it had registered 45 domains that were explicitly made to confuse people.

This article contains affiliate links; if you click such a link and make a purchase, we may earn a commission.