The FBI in Atlanta and Indonesian police worked jointly to shut down a scam network, which was allegedly stealing user information and allowing cyber criminals to deploy fake websites, stealing millions from the users by sending fake verification codes.
How this scam tricked millions?
The operation used a "full-service" kit to steal usernames and bypass security on thousands of accounts worldwide, as reported by the Times of India. The operation centered on a tool called the "W3LL phishing kit".
This cybercrime platform, according to the Times of India, allowed criminals to impersonate legitimate login pages to trick victims into handing over their usernames and passwords.
Also Read | 'Don't care if they come back': Trump reacts sharply after US-Iran talks collapse
User data compromised
When victims typed in their usernames and passwords, the tool reportedly captured that information. It also grabbed session data, which let criminals get around multi-factor authentication, the security feature that sends a second verification code to a user’s phone or email.
For a fee of about $500, users could purchase access to the kit and deploy fake websites designed to look nearly identical to trusted portals.
The tool was reportedly supported by an online marketplace called "W3LLSTORE." Between 2019 and 2023, the marketplace facilitated the sale of more than 25,000 compromised accounts. Even after the store shut down in 2023, the operation continued through encrypted messaging apps where the tool was rebranded.
Between 2023 and 2024, the kit was used to target 17,000+ victims worldwide, as per reports. On April 10, the alleged developer (identified only as "G.L.") was detained in Indonesia, and the infrastructure was seized.
Authorities have not released the full name of the alleged developer, identifying them only as G.L.It is also reportedly unclear how many individual victims in Georgia were specifically targeted by the 17,000 global phishing attempts recorded between 2023 and 2024.
"This wasn’t just phishing, it was a full-service cybercrime platform," said FBI Atlanta Special Agent in Charge Marlo Graham. "We will continue to work with our domestic and foreign law enforcement partners, using all available tools to protect the public."
Global scam numbers speak volumes
The amount of fraud attempts linked to the network is reportedly $20 million. $500 was the cost for a criminal to purchase access to the phishing kit.
About 25,000 compromised accounts were reportedly sold through the W3LLSTORE marketplace, and 17,000 victims were targeted worldwide between 2023 and 2024.
Also Read | Why Trump wants a Hormuz blockade — and how will it hit India?
What lies ahead?
The takedown reportedly cuts off a major resource used by cybercriminals. This is the first time US and Indonesian authorities have taken coordinated action against a phishing kit developer. The US Attorney’s Office for the Northern District of Georgia was involved in identifying and seizing the operation’s infrastructure.
