FBI takes down phishing toolkit
U.S. authorities dismantled the ‘W3LL’ phishing kit that allegedly helped criminals bypass multi‑factor authentication and compromised more than 25,000 accounts worldwide. The takedown follows investigations showing millions stolen from over 17,000 victims, highlighting the continuing threat from turnkey fraud tools. (economictimes.indiatimes.com (timesofindia.indiatimes.com)
The Federal Bureau of Investigation and Indonesian police have dismantled the “W3LL” phishing operation and detained its alleged developer in Indonesia. (fox5atlanta.com) Phishing works by copying a real sign-in page so a victim types in a password on a fake one instead. Investigators said W3LL sold that trick as a ready-made service for about $500. (fbi.gov) (fox5atlanta.com) The kit did more than collect usernames and passwords. Authorities said it also captured session data, which can let an attacker slip past multi-factor authentication, the extra code check sent by phone or email. (economictimes.indiatimes.com) (ic3.gov) Investigators said the tool was sold through an online marketplace called W3LLSTORE from 2019 to 2023. That marketplace facilitated sales of more than 25,000 compromised accounts before the operation moved to encrypted messaging apps in 2023. (fox5atlanta.com) (economictimes.indiatimes.com) From 2023 to 2024, the phishing kit was used to target more than 17,000 victims worldwide, according to the Federal Bureau of Investigation’s Atlanta field office. The agency linked the network to more than $20 million in attempted fraud. (wsbtv.com) (fox5atlanta.com) The case shows how cybercrime has been packaged into a storefront model: one group builds the tool, another group buys access, and victims may never see the same fake page twice. Group-IB, a cybersecurity firm that tracked W3LL earlier, described it as part of a broader business-email-compromise ecosystem built around phishing. (group-ib.com) Federal investigators said the seizure included domains and other infrastructure that kept the service running. The Federal Bureau of Investigation’s Atlanta office said the operation was the first coordinated action with Indonesia aimed at a phishing-kit developer. (fox5atlanta.com) (economictimes.indiatimes.com) “This wasn’t just phishing—it was a full-service cybercrime platform,” Special Agent in Charge Marlo Graham of the Federal Bureau of Investigation in Atlanta said. The bureau said victims and companies can report phishing and related fraud through the Internet Crime Complaint Center at IC3. (wsbtv.com) (ic3.gov)
