The U.S. Department of Justice has disclosed dismantling web3adspanels[.]org domain and database powering a nearly $14.6 million bank account takeover scheme, as part of an international law enforcement operation co-led with Estonia, reports The Hacker News.
Malicious ads spoofing legitimate banking firms' search engine ads have been leveraged by the cybercrime group to redirect targets to counterfeit banking sites, which then obtained user credentials for subsequent account hijacking and fund draining activities, according to the Justice Department.
Thousands of victims' login credentials have been discovered within the sequestered domain, which also hosted a backend server enabling takeover fraud. Over 5,100 bank account takeover-related complaints resulting in losses exceeding $262 million have been filed with the FBI's Internet Crime Complaint Center since January.
Mounting bank account takeovers should prompt regular account tracking, increased vigilance against phishing intrusions, and more secure passwords.
Malicious ads spoofing legitimate banking firms' search engine ads have been leveraged by the cybercrime group to redirect targets to counterfeit banking sites, which then obtained user credentials for subsequent account hijacking and fund draining activities, according to the Justice Department.
Thousands of victims' login credentials have been discovered within the sequestered domain, which also hosted a backend server enabling takeover fraud. Over 5,100 bank account takeover-related complaints resulting in losses exceeding $262 million have been filed with the FBI's Internet Crime Complaint Center since January.
Mounting bank account takeovers should prompt regular account tracking, increased vigilance against phishing intrusions, and more secure passwords.




