Justice Department Announces Seizure of Stolen-Password Database Used in Bank Account Takeover Fraud

Fraud ring responsible for more than $28 million in unauthorized bank transfers from U.S. victims The Justice Department today announced the seizure of a web domain and database used in furtherance of a scheme to target and defraud Americans through bank account takeover fraud.The domain, web3adspanels.org, was used by those involved in the scheme as a backend web panel to store and manipulate illegally harvested bank login credentials. This domain seizure comes approximately one month after the FBI issued a Public Service Announcement relating to Account Takeover Fraud via Impersonation of Financial Institution Support. According to the affidavit filed in support of the domain seizure, the criminal group perpetrating the bank account takeover fraud delivered fraudulent advertisements through search engines, including Google and Bing. These fraudulent advertisements imitated the sponsored search engine advertisements used by legitimate banking entities. While the fraudulent advertisements appeared to send users to the websites of legitimate banks, victims were in fact redirected to fake bank websites controlled by the criminals. When victims entered their login credentials to access their bank accounts, the criminals harvested those credentials through a malicious software program embedded in the fake website. The criminals then used those bank credentials on the corresponding legitimate bank websites to access victims’ bank accounts and drain their funds. To date, the FBI has identified at least 19 victims throughout the United States, including two companies in the Northern District of Georgia, whose bank accounts have been compromised through this account takeover scheme, resulting in attempted losses of approximately $28 million dollars and actual losses of approximately $14.6 million dollars. The seized domain hosted a server that contained the stolen login credentials of thousands of victims, including the credentials of the victims mentioned above. Based on the FBI’s investigation, the seized domain continued to host a backend server used in furtherance of the bank account takeover fraud as recently as November 2025. Since January 2025, the FBI Internet Crime Complaint Center (IC3) received more than 5,100 complaints reporting bank account takeover fraud, with reported losses exceeding $262 million. The public is encouraged to stay vigilant, including by regularly monitoring financial accounts, using “Bookmarks” or “Favorites” for navigating to login websites and guarding against phishing attempts. A splash page on the web3adspanels.org website notifies visitors that the domain has been seized by law enforcement. This domain seizure disrupts the criminals’ ability to access the stolen credentials and utilize those credentials to steal bank account funds. According to foreign officials, Estonian law enforcement also preserved and collected data from servers hosting the phishing pages and the stolen login credentials used in furtherance of the scheme.