The U.S. Department of Justice has successfully dismantled a fraudulent web domain used to orchestrate a massive bank account takeover operation. The domain, known as web3adspanels.org, served as a hub for cybercriminals who successfully stole approximately $14.6 million from victims across the United States. Federal authorities noted that the scheme attempted to steal a total of $28 million before law enforcement intervened. This action highlights the government's ongoing efforts to disrupt the digital infrastructure used by financial predators.
The fraudulent operation relied on sophisticated social engineering tactics to deceive internet users. Criminals placed malicious advertisements on popular search engines like Google and Bing that appeared to be legitimate links to financial institutions. When unsuspecting users clicked these ads, they were redirected to counterfeit banking portals designed to look identical to real login pages. Once victims entered their credentials, the criminals used malicious software to capture the data and gain full access to the victims' private bank accounts.
Investigation into the scheme was led by the FBI’s Atlanta Field Office, which identified at least 19 specific victims directly impacted by this particular domain. The broader context of the investigation is even more staggering, as the FBI’s Internet Crime Complaint Center has recorded over 5,100 similar reports since the start of 2025. These collective incidents have resulted in more than $262 million in reported losses, signaling a sharp rise in the prevalence and success of account takeover fraud targeting both individuals and businesses.
GET 50% Discount for VPN/ANTIVIRUS SOFTWARE AT 911Cyber - CODE: bit5025
International cooperation played a vital role in the success of this seizure and the gathering of evidence. Law enforcement officials in Estonia assisted U.S. authorities by collecting and preserving critical data from servers that hosted the phishing pages. This collaboration allowed investigators to confirm that the seized domain contained stolen login information for thousands of potential victims and remained active as recently as November 2025. The global nature of the investigation underscores the necessity of cross-border partnerships in fighting cybercrime.
Department of Justice officials emphasized that seizing the domain is a critical step in breaking the operational cycle of these criminal groups. Acting Assistant Attorney General Matthew R. Galeotti and U.S. Attorney Theodore S. Hertzberg stated that this intervention protects the public by removing the tools used to facilitate theft. They reaffirmed their commitment to using every available domestic and international resource to track down those responsible and prevent further financial victimization of American citizens.
Source: Seized Domain Hosted Fake Bank Websites Tied To 28 Million In Fraudulent Transfers