Meta is trying to find the people who created more than 39,000 phishing sites

The company filed a lawsuit in California to uncover the identities of those behind the attacks.

Sponsored Links

Igor Bonifacic
December 20th, 2021
In this article: lawsuit, news, gear, internet, phishing, web, Meta, Facebook
Cars drive past a sign of Meta, the new name for the company formerly known as Facebook, at its headquarters in Menlo Park, California, U.S. October 28, 2021. REUTERS/Carlos Barria     TPX IMAGES OF THE DAY
Carlos Barria / reuters

Meta is taking legal action to disrupt a large-scale phishing campaign. On Monday, the company filed a federal lawsuit to “uncover the identities” of a group of people that created more than 39,000 websites designed to trick Facebook, Instagram and WhatsApp users into coughing up their login credentials.

The company says the scammers used relay service Ngrok to redirect people to their websites in a way that allowed them to hide their actions. “This enabled them to conceal the true location of the phishing websites, and the identities of their online hosting providers and the defendants,” Meta said. Starting this past March, the company began working with the relay service to suspend “thousands” of URLs linked to the campaign.

This isn’t the first time has used the threat of legal action to try and stop a phishing campaign. In 2019 and 2020, the company filed lawsuits against OnlineNIC and Namecheap, two domain name registrars that had allowed cybersquatters to claim domains like and However, the scale of this campaign would appear to dwarf the ones OnlineNIC and Namecheap enabled. When Meta sued the latter company in 2020, it said it had registered 45 domains that were explicitly made to confuse people.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget