U.S. DoJ Seizes Fraud Domain Behind $14.6 Million Bank Account Takeover Scheme

  • Dec 23, 2025

Key Findings


  • The U.S. Justice Department (DoJ) seized the domain web3adspanels[.]org, which was used as a backend web panel to host and manipulate illegally harvested bank login credentials.

  • The criminal group behind the scheme used fraudulent advertisements on search engines like Google and Bing to redirect users to fake bank websites, where their login credentials were harvested through malicious software.

  • The stolen credentials were then used by the criminals to access victims' bank accounts and drain their funds, resulting in attempted losses of approximately $28 million and actual losses of approximately $14.6 million.

  • The confiscated domain stored the stolen login credentials of thousands of victims and hosted a backend server to facilitate the takeover fraud as recently as last month.

  • The FBI's Internet Crime Complaint Center (IC3) has received more than 5,100 complaints related to bank account takeover fraud since January 2025, with reported losses upwards of $262 million.


Background


The U.S. Department of Justice (DoJ) announced the seizure of a web domain and database that was used to further a criminal scheme designed to target and defraud Americans by means of bank account takeover fraud.


Fraudulent Search Engine Advertisements


The criminal group perpetrating the bank account takeover fraud delivered fraudulent advertisements through search engines, including Google and Bing. These fraudulent advertisements imitated the sponsored search engine advertisements used by legitimate banking entities, serving as a conduit to redirect unsuspecting users to fake bank websites operated by the threat actors.


Stolen Login Credentials and Account Takeover


The stolen login credentials were then used by the criminals to sign into legitimate bank websites to take over victims' accounts and drain their funds. The scheme is estimated to have claimed 19 victims across the U.S. to date, including two companies in the Northern District of Georgia, leading to attempted losses of approximately $28 million and actual losses of approximately $14.6 million.


Seizure of Domain and Backend Server


The confiscated domain, web3adspanels[.]org, stored the stolen login credentials of thousands of victims and hosted a backend server to facilitate the takeover fraud as recently as last month.


Surge in Bank Account Takeover Fraud


According to information shared by the U.S. Federal Bureau of Investigation (FBI), the Internet Crime Complaint Center (IC3) has received more than 5,100 complaints related to bank account takeover fraud since January 2025, with reported losses upwards of $262 million.


Advice for the Public


Users are advised to exercise caution when sharing information about themselves online or on social media; regularly monitor accounts for any financial irregularities; use unique, complex passwords; verify that banking website URLs are correct before signing in; and stay vigilant against phishing attacks and suspicious callers.


Sources


  • https://thehackernews.com/2025/12/us-doj-seizes-fraud-domain-behind-146.html

  • https://securityonline.info/search-engine-malvertising-ring-disrupted-doj-seizes-backend-of-14-6-million-bank-fraud-scheme/

  • https://www.linkedin.com/posts/cyber-news-live_us-doj-seizes-fraud-domain-behind-146-activity-7409287809800232960-lyT6

© 2025 by Explain IT Again.