The FBI Atlanta Field Office, working closely with Indonesian law enforcement, has dismantled a highly organized global phishing operation that gave cybercriminals easy access to a powerful tool for stealing account credentials and attempting large-scale fraud.

At the centre of the operation was a tool known as the “W3LL phishing kit.” For a fee of around $500, criminals could buy access to this platform, which allowed them to create fake login pages that looked almost identical to legitimate websites. When victims entered their usernames and passwords, the kit captured the information. Even more dangerously, it also stole session data, allowing attackers to bypass multi-factor authentication – the extra security step that sends a verification code to a user’s phone or email.

W3LLSTORE marketplace

The kit was backed by an online marketplace called “W3LLSTORE.” Between 2019 and 2023, this marketplace sold more than 25,000 compromised accounts. Even after the store was shut down in 2023, the operation continued through encrypted messaging apps, where the tool was rebranded and distributed to new users.

Between 2023 and 2024, the phishing kit was used to targmore than 17,000 victims across the world.

Major breakthrough on April 10

On April 10, authorities detained the alleged developer of the kit, identified only as “G.L.,” in Indonesia. They also seized the infrastructure supporting the entire operation. This coordinated action marks the first time U.S. and Indonesian authorities have jointly targeted a phishing kit developer.

The U.S. Attorney’s Office for the Northern District of Georgia played a key role in identifying and seizing the infrastructure.

FBI statement

FBI Atlanta Special Agent in Charge Marlo Graham said, quoed by TOI, “This wasn’t just phishing – it was a full-service cybercrime platform. We will continue to work with our domestic and foreign law enforcement partners, using all available tools to protect the public.”

By the numbers:

• $20 million: Total fraud attempts linked to the network
• $500: Cost for criminals to buy access to the W3LL phishing kit
• 25,000+: Compromised accounts sold through the W3LLSTORE marketplace
• 17,000+: Victims targeted worldwide between 2023 and 2024

The successful takedown is expected to significantly disrupt a major resource used by cybercriminals and serves as a strong example of effective international cooperation against evolving cyber threats.(With TOI inputs)

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!