Expand / Collapse search

FBI seizes website linked to fake bank ads in $28M fraud scheme

By FOX 5 Atlanta Digital Team
Published  December 22, 2025 8:26pm EST
Data Breaches
FOX 5 Atlanta

The Brief

    • FBI seized a fraud-linked website used to steal bank logins, targeting victims nationwide, including companies in North Georgia.
    • Fake Google and Bing ads redirected victims to spoofed bank sites, enabling criminals to drain accounts using stolen credentials.
    • Investigators tied the scheme to $28 million in attempted losses and confirmed the server was active as recently as November 2025.

ATLANTA - Federal authorities seized a website and stolen password database tied to a bank account takeover scheme that targeted victims nationwide, including companies in North Georgia, according to a Justice Department announcement released Monday.

What we know:

The seizure centers on the domain web3adspanels.org, which investigators say was used as a backend control panel to store and manipulate illegally obtained bank login credentials. The action comes about one month after the FBI issued a public warning about account takeover fraud involving criminals impersonating financial institution support services.

According to court records, the criminal group behind the scheme placed fraudulent advertisements through search engines, including Google and Bing. The ads were designed to look like sponsored links from legitimate banks. Instead of directing users to real bank websites, the ads sent victims to fake sites controlled by the criminals.

When victims entered their login information, malicious software embedded in the fake websites captured the credentials. Investigators say the criminals then used that information to access legitimate bank accounts and move money out of them.

The FBI has identified at least 19 victims across the United States, including two companies in the Northern District of Georgia. Authorities said the scheme led to about $28 million in attempted losses and roughly $14.6 million in actual losses.

Investigators said the seized domain hosted a server containing stolen login credentials for thousands of victims, including those already identified. The FBI determined the server was still being used to support the fraud as recently as November 2025.

What they're saying:

Since January 2025, the FBI Internet Crime Complaint Center has received more than 5,100 complaints related to bank account takeover fraud, with reported losses topping $262 million. Federal officials urged the public to remain cautious by closely monitoring financial accounts, using saved bookmarks or favorites to reach banking websites, and watching for phishing attempts.

Visitors to web3adspanels.org are now met with a law enforcement notice stating the domain has been seized. Authorities said taking control of the site disrupts the criminals’ ability to access stolen credentials and carry out additional thefts.

The investigation involves international cooperation. Officials said Estonian law enforcement preserved and collected data from servers hosting the phishing pages and stolen credentials tied to the scheme.

Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division, U.S. Attorney Theodore S. Hertzberg for the Northern District of Georgia, and Paul Brown, special agent in charge of the FBI Atlanta Field Office, announced the seizure.

The FBI Atlanta Field Office is leading the investigation. The case is being prosecuted by a trial attorney from the Justice Department’s Computer Crime and Intellectual Property Section and an assistant U.S. attorney from the Northern District of Georgia.

The Source: The U.S. Attorney's Office for the Northern District of Georgia provided the details for this article. 

Data BreachesNewsAtlanta