FBI takes down website that stole millions from internet users across the world
The FBI Atlanta Field Office and Indonesian law enforcement authorities dismantled a sophisticated global phishing operation that enabled cybercriminals to steal thousands of victims’ account credentials and attempt more than $20 million in fraud. The operation used a "full-service" kit to steal usernames and bypass security on thousands of accounts worldwide.
The operation centered on a tool called the " W3LL phishing kit ." This cybercrime platform allowed criminals to impersonate legitimate login pages to trick victims into handing over their usernames and passwords. When victims typed in their usernames and passwords, the tool captured that information. It also grabbed session data, which let criminals get around multi-factor authentication, the security feature that sends a second verification code to a user’s phone or email. For a fee of about $500, users could purchase access to the kit and deploy fake websites designed to look nearly identical to trusted portals.
The tool was supported by an online marketplace called "W3LLSTORE." Between 2019 and 2023, the marketplace facilitated the sale of more than 25,000 compromised accounts. Even after the store shut down in 2023, the operation continued through encrypted messaging apps where the tool was rebranded.
Between 2023–2024, the kit was used to target 17,000+ victims worldwide. On April 10, the alleged developer (identified only as "G.L.") was detained in Indonesia and the infrastructure was seized. Authorities have not released the full name of the alleged developer, identifying them only as G.L.It is also unclear how many individual victims in Georgia were specifically targeted by the 17,000 global phishing attempts recorded between 2023 and 2024.
"This wasn’t just phishing—it was a full-service cybercrime platform," said FBI Atlanta Special Agent in Charge Marlo Graham. "We will continue to work with our domestic and foreign law enforcement partners, using all available tools to protect the public."
Global online scam by the numbers
$20 million: The amount of fraud attempts linked to the network.
$500: The cost for a criminal to purchase access to the phishing kit.
25,000: The number of compromised accounts sold through the W3LLSTORE marketplace.
17,000: The number of victims targeted worldwide between 2023 and 2024.
What's next
The takedown cuts off a major resource used by cybercriminals. This is the first time U.S. and Indonesian authorities have taken coordinated action against a phishing kit developer. The U.S. Attorney’s Office for the Northern District of Georgia was involved in identifying and seizing the operation’s infrastructure.
The operation centered on a tool called the " W3LL phishing kit ." This cybercrime platform allowed criminals to impersonate legitimate login pages to trick victims into handing over their usernames and passwords. When victims typed in their usernames and passwords, the tool captured that information. It also grabbed session data, which let criminals get around multi-factor authentication, the security feature that sends a second verification code to a user’s phone or email. For a fee of about $500, users could purchase access to the kit and deploy fake websites designed to look nearly identical to trusted portals.
The tool was supported by an online marketplace called "W3LLSTORE." Between 2019 and 2023, the marketplace facilitated the sale of more than 25,000 compromised accounts. Even after the store shut down in 2023, the operation continued through encrypted messaging apps where the tool was rebranded.
Between 2023–2024, the kit was used to target 17,000+ victims worldwide. On April 10, the alleged developer (identified only as "G.L.") was detained in Indonesia and the infrastructure was seized. Authorities have not released the full name of the alleged developer, identifying them only as G.L.It is also unclear how many individual victims in Georgia were specifically targeted by the 17,000 global phishing attempts recorded between 2023 and 2024.
"This wasn’t just phishing—it was a full-service cybercrime platform," said FBI Atlanta Special Agent in Charge Marlo Graham. "We will continue to work with our domestic and foreign law enforcement partners, using all available tools to protect the public."
Global online scam by the numbers
$20 million: The amount of fraud attempts linked to the network.
$500: The cost for a criminal to purchase access to the phishing kit.
25,000: The number of compromised accounts sold through the W3LLSTORE marketplace.
17,000: The number of victims targeted worldwide between 2023 and 2024.
What's next
The takedown cuts off a major resource used by cybercriminals. This is the first time U.S. and Indonesian authorities have taken coordinated action against a phishing kit developer. The U.S. Attorney’s Office for the Northern District of Georgia was involved in identifying and seizing the operation’s infrastructure.
Next Story