Meta is taking legal action to disrupt a large-scale phishing campaign. On Monday, the company to “uncover the identities” of a group of people that created more than 39,000 websites designed to trick Facebook, Instagram and WhatsApp users into coughing up their login credentials.
The company says the scammers used relay service Ngrok to redirect people to their websites in a way that allowed them to hide their actions. “This enabled them to conceal the true location of the phishing websites, and the identities of their online hosting providers and the defendants,” Meta said. Starting this past March, the company began working with the relay service to suspend “thousands” of URLs linked to the campaign.
This isn’t the first time has used the threat of legal action to try and stop a phishing campaign. In 2019 and 2020, the company filed lawsuits against and , two domain name registrars that had allowed cybersquatters to claim domains like instagrambusinesshelp.com and whatsappdownload.site. However, the scale of this campaign would appear to dwarf the ones OnlineNIC and Namecheap enabled. When Meta sued the latter company in 2020, it said it had registered 45 domains that were explicitly made to confuse people.