Meta, formerly known as Facebook, said on Monday it was suing people behind a phishing scheme to steal usernames and passwords on its platforms.

The lawsuit, filed in federal court in Northern California, says that since 2019, more than 39,000 websites have been created that have impersonated login pages for Facebook, Instagram, Messenger and WhatsApp. Meta doesn’t know who is behind the attack, but says it’s part of an effort to trick its users into entering their usernames and passwords.

The ruling highlights how the world’s largest social network is trying to tackle phishing, a practice in which attackers create fake websites or emails to try to trick people into providing their personal information.

“Reports of phishing attacks are on the rise across the industry and we are taking this step to uncover the identity of the people behind the attack and stop their harmful behavior,” said Jessica Romero , Director of Platform and Litigation at Meta, in a blog. Publish.

In July, the Anti-Phishing Working Group said it recorded 260,642 phishing attacks, the highest monthly total in the group’s history of reports. Phishing attacks have doubled since 2020, according to the group’s report.

The anonymous defendants were able to conceal their identities by using services provided by San Diego-based technology company Ngrok “to relay Internet traffic to their phishing websites in a way that obscures where their websites are hosted,” indicates the 21-page trial. The company alleges in the lawsuit that the defendants violated the social network’s terms of service, California anti-phishing law and a federal law prohibiting trademark infringement.

Ngrok did not immediately respond to a request for comment.

The lawsuit included screenshots of login pages that looked the same as login pages for Facebook, Instagram, Messenger, and WhatsApp, but used Ngrok URLs. Some of the bogus websites were in English and Italian. The lawsuit does not say how many people were tricked into providing their personal information.