US shuts down phisherfolk’s $14.6M password-hoarding platform
Summary
The US Department of Justice and law enforcement have seized web3adspanels.org, a platform used by criminals to harvest and store banking credentials via SEO poisoning campaigns. Attackers bought prime search-result placements that directed victims to convincing fake banking sites; credentials entered there were dumped into the platform’s database and later used in account takeover attempts. Prosecutors linked about $28m in attempted illegal transfers to the service and estimate actual losses of $14.6m. The FBI says it knows of at least 19 victims tied to this scheme, while the IC3 has logged over 5,100 related complaints this year, with reported losses exceeding $262m.
Key Points
- web3adspanels.org was seized after being used to store and manipulate stolen bank credentials from SEO-poisoning phishing pages.
- Victims were lured to seemingly legitimate bank sites placed high in search results; credentials submitted there were captured, but victims could not access their accounts.
- Prosecutors tied roughly $28m in attempted transfers to the platform and estimate $14.6m in actual losses.
- The FBI is aware of at least 19 victims of this scheme; IC3 reports show the broader problem is far larger, with thousands of complaints and hundreds of millions in losses this year.
- Attackers frequently use social engineering to obtain MFA codes or one-time passcodes, then transfer funds to accounts they control and convert proceeds to crypto to hinder tracing.
Context and relevance
This takedown highlights that account takeover remains a major, evolving threat: criminals are combining SEO manipulation, convincing fake sites and social engineering to bypass protections. The case also underscores gaps in public reporting about how multi-factor authentication is being defeated in practice — a critical detail for security teams and banks. For organisations and individuals, it reinforces the need to adopt stronger authentication methods (for example, passkeys), improve monitoring for suspicious transfers and educate users about fake search results and social-engineering ploys.
Why should I read this?
Quick and blunt: if you look after security or your own bank balance, this matters. It’s not just another phishing story — it’s a reminder that crooks are paying to game search results and then stealing MFA codes to empty accounts. Read this so you know the playbook and can take simple, practical steps to reduce risk.
