"While the fraudulent advertisements appeared to send users to the websites of legitimate banks, victims were in fact redirected to fake bank websites controlled by the criminals. When victims entered their login credentials to access their bank accounts, the criminals harvested those credentials through a malicious software program embedded in the fake website. The criminals then used those bank credentials on the corresponding legitimate bank websites to access victims' bank accounts and drain their funds."
"To date, the FBI has identified at least 19 victims throughout the United States, including two companies in the Northern District of Georgia, whose bank accounts have been compromised through this account takeover scheme, resulting in attempted losses of approximately $28 million dollars and actual losses of approximately $14.6 million dollars. The seized domain hosted a server that contained the stolen login credentials of thousands of victims, including the credentials of the victims mentioned above."
Authorities seized the domain web3adspanels.org and a backend database used to store and manipulate harvested bank login credentials. The criminal group delivered fraudulent search-engine advertisements on Google and Bing that imitated sponsored ads from legitimate banks. Victims were redirected to fake bank websites where embedded malicious software harvested login information. The criminals used those credentials on real bank sites to access and drain accounts. The FBI identified at least 19 victims across the United States, including two companies in the Northern District of Georgia, with attempted losses near $28 million and actual losses about $14.6 million. The seized server contained thousands of stolen credentials.
Read at DataBreaches.Net
Unable to calculate read time
Collection
[
|
...
]