FBI Dismantles Global Phishing Ring W3LL, Which Allegedly Targeted 17,000+ Victims Worldwide

On Monday, the U.S. Federal Bureau of Investigation (FBI) publicly announced it has successfully taken down a large-scale international phishing operation accused of harming more than 17,000 victims across the globe.

The criminal operation’s central platform, branded W3LL, now displays a prominent public notice on its website confirming that it has been seized by the FBI. Per the bureau’s official statement, the coordinated takedown was carried out in partnership with Indonesian national police. The action yielded two key results: the detention of W3LL’s alleged developer (identified only by the initials G.L.) and the seizure of the network’s core operational domains.

Cybercriminals could purchase the ready-to-use W3LL phishing toolkit for $500. The kit allowed bad actors to deploy convincing fake websites that closely mimicked the login pages of legitimate popular services, letting attackers steal passwords and multi-factor authentication codes from unsuspecting users. According to FBI estimates, the toolkit enabled cybercriminals to attempt more than $20 million in fraudulent activity.

In addition to selling phishing tools, W3LL operated as an underground online marketplace for other criminal cyber activity. The platform allegedly allowed bad actors to buy and sell stolen user credentials and unauthorized access to already hacked systems. The FBI confirms this marketplace facilitated the illegal trade of more than 25,000 compromised user accounts across multiple services.

The FBI did not issue an immediate response to an external request for additional detail and comment on the takedown and ongoing investigation.