US disrupts multimillion-dollar bank account takeover operation targeting Americans
Summary
The US Department of Justice seized the domain web3adspanels.org and an associated database used as a control panel for a large bank account takeover (BAT) operation. Criminals bought fraudulent search ads on major engines to direct victims to fake bank login pages, harvested credentials via embedded malicious code, and used those details to drain accounts. Investigators have identified at least 19 victims so far, with attempted losses around $28 million and confirmed losses of about $14.6 million. The seized site hosted credentials for thousands and remained active as recently as November 2025.
Key Points
- DOJ seized the web domain and database used to manage stolen bank credentials.
- The fraud used paid search ads on Google and Bing that mimicked legitimate bank links to lure victims.
- Fake login pages captured credentials via malicious code and enabled account takeover and fund theft.
- At least 19 identified victims: ~$28 million in attempted losses and ~$14.6 million confirmed lost.
- The seized site held credentials for thousands and was active up to November 2025.
- The action forms part of a wider US crackdown on BAT fraud; the FBI’s IC3 logged over 5,100 complaints since January 2025 with losses exceeding $262 million.
- Visitors to the domain now see a law enforcement seizure splash page, disrupting the criminals’ control panel and future thefts.
Content summary
The scheme operated by buying deceptive sponsored search results that looked like official bank pages. When users clicked, they were routed to convincing counterfeit sites where login details were harvested by hidden code. Attackers then used those credentials to access real accounts and siphon funds. The DOJ’s seizure of the domain and database both interrupts the infrastructure criminals used to organise and monetise the stolen credentials and prevents further immediate misuse. The takedown is framed as part of escalating US enforcement against bank account takeover schemes, which have surged across the country.
Context and relevance
This incident highlights how search-ad abuse and phishing continue to be effective at scale. It ties into broader trends: fraudsters are increasingly professionalising (centralised control panels, credential databases) and leveraging mainstream ad platforms to reach victims. For banks, security teams and consumers, it underlines the limits of relying on link appearance alone and the importance of multi-factor authentication, rapid fraud detection, and public–private cooperation to take down criminal infrastructure.
Author’s take
This is a big win for law enforcement because it dismantles a central piece of infrastructure that let crooks manage stolen credentials and cash out at scale. If you care about fraud trends or run online services, the tactics used here are worth noting — they’re scalable and very profitable for criminals until they’re cut off.
Why should I read this?
Because it shows exactly how slick criminals are using legitimate ad channels to impersonate banks and steal cash — and how a targeted seizure can blunt that attack. Quick read, helps you spot the danger and think about practical protections for customers or staff.
Source
Source: https://therecord.media/us-disrupts-bank-account-takeover-operation-web3adspanels
