The U.S. Department of Justice has announced a major disruption of a bank account takeover fraud operation that led to more than $28 million in unauthorized bank transfers from victims across the United States. Federal authorities seized a web domain and its supporting database that played a central role in helping criminals steal bank login details and drain victim accounts.
The seized domain, web3adspanels.org, was used as a backend control panel to store and manage stolen login credentials. According to investigators, the domain supported an organized scheme that targeted Americans through advanced impersonation scams and phishing advertisements designed to look like legitimate bank services.
How the Bank Account Takeover Fraud Worked
Court documents reveal that the criminal group relied heavily on fraudulent search engine advertisements. These phishing advertisements appeared on popular platforms such as Google and Bing and closely mimicked sponsored ads from real financial institutions.
When users clicked on these fraudulent search ads, they believed they were visiting their bank’s official website. In reality, they were redirected to fake bank websites controlled by the attackers. Once victims entered their usernames and passwords, malicious software embedded in the fake pages captured those details in real time.
The stolen login credentials were then used to access legitimate bank accounts. From there, the criminals initiated unauthorized bank transfers, effectively draining funds before victims realized their accounts had been compromised.
Investigators confirmed that the seized domain continued hosting stolen credentials and backend infrastructure as recently as November 2025.
Financial Impact and Victims Identified
So far, the FBI has identified at least 19 confirmed victims across multiple U.S. states. This includes two businesses located in the Northern District of Georgia. The scheme resulted in attempted losses of approximately $28 million, with actual confirmed losses reaching around $14.6 million.
The server linked to the seized domain contained thousands of stolen login credentials, suggesting that the total number of affected individuals and organizations could be significantly higher. Authorities believe the web domain seizure has cut off the criminals’ ability to access and exploit this sensitive data.
Rising Threat Highlighted by FBI IC3 Data
Since January 2025, the FBI’s Internet Crime Complaint Center (IC3) has received more than 5,100 complaints related to bank account takeover fraud. Reported losses from these incidents now exceed $262 million nationwide.
In response, the FBI has issued public warnings urging individuals and businesses to remain vigilant. Recommended steps include closely monitoring financial accounts, using saved bookmarks instead of search engine links to access banking websites, and staying alert for impersonation scams and phishing attempts.
International Cooperation and Ongoing Investigation
The investigation is being led by the FBI Atlanta Field Office, with prosecutors from the U.S. Attorney’s Office for the Northern District of Georgia and the Justice Department’s Computer Crime and Intellectual Property Section (CCIPS). International partners played a critical role, including law enforcement agencies from Estonia and Georgia.
Estonian authorities preserved and collected key evidence from servers hosting the phishing pages and stolen login credentials. The Department of Justice’s Office of International Affairs also provided substantial assistance, highlighting the importance of cross-border cooperation in tackling cybercrime.
Since 2020, CCIPS has secured convictions against more than 180 cybercriminals and obtained court orders returning over $350 million to victims. Officials say the seizure of web3adspanels.org represents another important step in disrupting global cyber fraud networks and protecting victims from future financial harm.
