The FBI Just Took Down A Global Phishing Network That Sold Kits To Cybercriminals

It's no secret that the internet can be a dangerous place for unwary users and their data. Nefarious practices like phishing and its larger-scale sibling, whaling, are no joke and can send a person or company into a tailspin. Fortunately, various agencies worldwide are actively working to keep the bad actors behind these scams at bay. For example, a recent joint bust conducted by the Federal Bureau of Investigation — specifically the FBI Atlanta, Georgia Field Office — and the Indonesian National Police has taken down what is claimed to be one of the world's largest and most effective phishing networks, responsible for the theft of login info from tens of thousands of users and more than $20 million in attempted fraud.

The FBI revealed the successful takedown of the network on April 10. The network was built around the W3LL phishing kit, which was advertised for $500. W3LL allowed scammers to create fake login pages that imitated legitimate websites. Once a user tried to log in, the scammers would receive the user's credentials and session data, letting them bypass security measures such as multi-factor authentication as well. Until 2023, this data was bought and sold on a now-defunct online store called W3LLSTORE, before the trading moved to private messaging platforms.

FBI Atlanta and the INP claim to have seized hardware supporting W3LL and apprehended the alleged developer behind it all. The agencies also froze the major online domains used in the operation. Despite the success of this operation, phishing remains a prevalent issue online; even though W3LL is effectively gone, history has shown that other scammers will pick up where it left off.

Phishing is something to take incredibly seriously, and users need to protect themselves from it. Avoid texts, emails, and phone calls that seem illegitimate; even those that seem real should be scrutinized closely. You also need to determine whether you're on a scam website before filling your shopping cart, and certainly before entering any personal or financial information, as the existence of the W3LL kit and W3LLSTORE reinforced. After all, just because this massive network has been found out and dissolved doesn't mean phishing as a practice has gone away with it.

While W3LL may now be a thing of the past, the kit has served as a framework for others seeking to exploit people through such scams. At the start of 2025, the phishing kit Sneaky 2FA made headlines for creating a fake Microsoft 365 login page to lure in victims and steal their information. As it turned out, this similar modus operandi wasn't a coincidence. Cybersecurity company Sekoia found that Sneaky 2FA was created using elements of W3LL's source code.

Internet safety is everything in an increasingly digitized world. While it's great that W3LL has seemingly been taken down for good, phishing doesn't seem to be going anywhere. Remain vigilant, use your best judgment, and keep your personal information as secure as possible.