The U.S. Department of Justice (DoJ) on Monday announced the seizure of web domains and databases it said were used to facilitate a criminal scheme aimed at targeting and defrauding Americans through bank account takeover fraud.
The domain in question, web3adspanels[.]org was used as a backend web panel to host and manipulate illegally harvested bank login credentials. Users of the website are currently seeing a seizure banner indicating that the domain has been removed in an international law enforcement operation led by authorities in the United States and Estonia.
“The criminal group that carried out the bank account takeover scam served fraudulent advertisements through search engines such as Google and Bing,” the Justice Department said. “These fraudulent ads mimic sponsored search engine ads used by legitimate banking companies.”
The ad served as a conduit to redirect unsuspecting users to a fake banking website run by the attackers, who collected login credentials entered by victims through an unspecified malicious software program embedded on the site. The criminals then used the stolen credentials to sign into legitimate banking websites, take over the victim’s accounts, and drain funds.
The scheme is estimated to have resulted in 19 victims across the United States, including two companies in the Northern District of Georgia, resulting in approximately $28 million in attempted losses and approximately $14.6 million in actual losses.
The seized domain contained stolen login credentials for thousands of victims and also hosted backend servers that facilitated a takeover scam as recently as last month, the Justice Department said.
According to information shared by the Federal Bureau of Investigation (FBI), since January 2025, the Internet Crime Complaint Center (IC3) has received more than 5,100 complaints related to bank account takeover fraud, with losses reported exceeding $262 million.
Users are advised to be careful when sharing about themselves online and on social media. Regularly monitor your accounts for accounting irregularities. Use unique and complex passwords. Make sure the URL of your bank website is correct before signing in. Always be on guard against phishing attacks and suspicious callers.
Source link
