Skip to content
Tech News
← Back to articles

The Feds Took Down a 'Full-Service Cybercrime Platform' Behind $20M in Phishing

2026-04-13 | original
read original get Cybersecurity Anti-Phishing Kit → more articles
Why This Matters

The takedown of the W3LL cybercrime platform highlights the ongoing efforts by law enforcement to combat sophisticated phishing operations that threaten consumer and enterprise security. This action underscores the importance of cybersecurity vigilance and the need for continuous innovation in defense strategies against cybercriminals. It also signals a crackdown on the infrastructure enabling large-scale digital fraud, which can lead to increased safety for users and organizations alike.

Key Takeaways

Cybercrime is a big business, driving nearly $21 billion in fraud and theft in 2026 alone. The FBI and the Indonesian National Police took a chunk out of that late last week when the pair took down infrastructure vital to the W3LL phishing kit, a piece of software that could steal someone's account credentials and data to bypass multi-factor authentication.

The W3LL phishing kit was best known for targeting Microsoft 365 accounts, but a crook could purchase it for $500 online and target any number of services. They could then deploy a website that captures a user's login information and session data, giving the criminal access to the account without going through multi-factor authentication.

Read more: Best Password Manager in 2025

The cybersecurity firm Group-IB, which first documented the W3LL phishing kit in 2023, described it as an all-in-one phishing tool capable of making custom phishing tools, providing email lists, and granting access to compromised servers. Its developer also made a couple of bulk email spam tools called PunnySender and W3LL Sender before the W3LL phishing kit, and has been active in cybercrime since at least 2017.

"This wasn't just phishing -- it was a full-service cybercrime platform," FBI Atlanta Special Agent in Charge Marlo Graham said in a press release.

Watch this: Your Phone is Disgusting: Let's Fix That 05:07

Representatives for the FBI and Group-IB did not immediately respond to requests for comment.

According to the FBI, the kit was available in the W3LL marketplace from 2019 until the store closed in 2023. The developer, known publicly as G.L, continued selling the kit and compromised account details over encrypted messaging platforms. The FBI said authorities detained a suspect believed to be G.L.

Read more: Anthropic Says Its New AI Model Is So Good at Finding Security Risks, You Can't Use It

The tool is responsible for quite a lot of damage. The FBI estimates that the W3LL store housed more than 25,000 compromised accounts up through 2023 and the tool was used to compromise an additional 17,000 accounts in 2023 and 2024. Criminals stole, or attempted to steal, roughly $20 million in total.

... continue reading

Explore topics: w3ll phishing group-ib fbi microsoft 365 punny sender
Related:
Keep Pushing: We Get 10 More Days to Reform Section 702
Things You Told ChatGPT or Claude My Have Already Doomed You in Court
Republican Mutiny Sinks Trump's Push to Extend Warrantless Surveillance
Microsoft counters MacBook Neo with free Game Pass and Office bundle on Windows laptops
Microsoft has a new idea on how to deter students from MacBook Neo

© 2026 GoKawiil

About | Editorial Policy | Contact