"The US says it has shut down a platform used by cybercriminals to break into Americans' bank accounts. A law enforcement splash page now appears when trying to reach web3adspanels.org, which supported SEO poisoning campaigns designed to steal people's bank account credentials. Criminals would pay for prime slots in search engine results, serving users seemingly legitimate banking websites that were actually fakes."
"From there, unwitting users entered their passwords, which were dumped into a database, but they would never reach their account. The Justice Department described the role of web3adspanels.org as a platform on which criminals would store and manipulate these credentials, which they would then use in attempts to access bank accounts and authorize illegal transfers. Prosecutors tied $28 million worth of attempted illegal transfers to web3adspanels, with the total of actual losses estimated at $14.6 million."
Law enforcement disabled web3adspanels.org, a platform that supported SEO poisoning campaigns which placed fake banking websites in search results to harvest credentials. Stolen passwords were dumped into a database and later used to attempt account access and authorize illegal transfers. Prosecutors linked $28 million in attempted transfers and estimated $14.6 million in actual losses tied to the platform. The FBI identified at least 19 victims in this scheme, while the IC3 has received over 5,100 related complaints this year with reported losses exceeding $262 million. The exact methods for bypassing MFA were not detailed; social engineering and one-time passcode theft were implicated.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]