The U.S. Justice Department (DoJ) on Monday announced the seizure of a web domain and database that it said was used to further a criminal scheme designed to target and defraud Americans by means of a bank account takeover scheme.
The domain in question, web3adspanels[.]org, was used as a backend web panel to host and manipulate illegally harvested bank login credentials. Users to the website are now greeted by a seizure banner that says the domain was taken down in an international law enforcement operation led by authorities from the U.S. and Estonia.
“The criminal group perpetrating the bank account takeover fraud delivered fraudulent advertisements through search engines, including Google and Bing,” the DoJ said. “These fraudulent advertisements imitate the sponsored search engine advertisements used by legitimate banking entities.”
The ads served as a conduit to redirect unsuspecting users to fake bank websites operated by the threat actors, who harvested login credentials entered by victims through an unspecified malicious software program built into the sites. The stolen credentials were then used by the criminals to sign into legitimate bank websites to take over victims’ accounts and drain their funds.
The scheme is estimated to have claimed 19 victims across the U.S. to date, including two companies in the Northern District of Georgia, leading to attempted losses of approximately $28 million and actual losses of approximately $14.6 million.
The DoJ said the confiscated domain stored the stolen login credentials of thousands of victims, in addition to hosting a backend server to facilitate takeover fraud as recently as last month.
According to information shared by the U.S. Federal Bureau of Investigation (FBI), the Internet Crime Complaint Center (IC3) has received more than 5,100 complaints related to bank account takeover fraud since January 2025, with reported losses upwards of $262 million.
Users are advised to exercise caution when sharing about themselves online or on social media; regularly monitor accounts for any financial irregularities; use unique, complex passwords; ensure the correctness of banking website URLs before signing in; and stay vigilant against phishing attacks or suspicious callers.
