Authorities shut down web3adspanels.org, a backend database that stored thousands of stolen U.S. bank credentials harvested through fake search engine ads.
The seizure, announced in late December 2025, halts an operation that successfully stole at least $14.6 million from U.S. victims and attempted to transfer nearly $28 million in total.
Key Facts at a Glance
- Domain Seized: web3adspanels.org
- The Scam: Criminals used fake search ads to mimic banks, leading victims to phishing sites.
- Financial Impact: $14.6 million stolen; $28 million attempted.
- Victims: At least 19 identified U.S. victims, including businesses, though the database held credentials for thousands more.
- International Aid: Estonian law enforcement helped preserve server data to aid the investigation.
How the Phishing Scam Worked
The fraudsters relied on a technique known as “search engine phishing.” The group purchased advertisements on major search engines like Google and Bing, designing them to look exactly like legitimate customer support or login links for major financial institutions.
When users searched for their bank and clicked these sponsored ads, they were redirected to look-alike phishing websites. Once the victims entered their usernames and passwords, the site secretly captured the data. The criminals then used these stolen credentials to perform Account Takeovers (ATO), logging into the real banking portals to initiate wire transfers and drain funds into cryptocurrency wallets.
The Role of the Seized Domain
While the phishing sites collected the data, web3adspanels.org served as the central storage locker. Investigators discovered that the domain hosted a database containing thousands of stolen login sets. Criminals accessed this panel to view victims’ passwords and coordinate the theft of funds.
The infrastructure remained active as recently as November 2025. Visitors to the site now see a seizure banner indicating that the domain is under the control of the FBI and the U.S. Attorney’s Office for the Northern District of Georgia.
A Surge in Banking Fraud
This takedown occurs during a record-breaking year for digital banking fraud. The FBI’s Internet Crime Complaint Center (IC3) reports that since January 2025, there have been over 5,100 complaints regarding account takeovers, with total losses exceeding $262 million.
This operation highlights a specific trend where scammers impersonate bank support teams or use “spoofed” search results to bypass security measures like Multi-Factor Authentication (MFA).
How to Protect Yourself
Law enforcement warns that search engine results are no longer a safe way to find your bank’s login page. To avoid falling victim to similar schemes:
- Stop Clicking Ads: Deeply verify “Sponsored” links in search results before clicking. Or use AdBlock!
- Use Bookmarks: Only access your bank via a saved bookmark or by typing the URL directly into your browser.
- Enable Alerts: Set up transaction alerts to notify you immediately of suspicious activity.
- Report Fraud: If you suspect your account has been compromised, contact your bank immediately and file a complaint at ic3.gov.
