The FBI and Indonesian authorities dismantled the W3LL phishing operation after it enabled over $20 million in attempted fraud. The FBI Atlanta office led the joint mission to seize online infrastructure and detain the lead developer in Indonesia.
The W3LL platform sold a phishing-as-a-service toolkit to criminals for approximately $500. This software allowed users to create fraudulent login pages and steal credentials. The toolkit specifically captured session data to bypass multi-factor authentication.
Criminals used the service to target more than 17,000 victims. Research indicates the operation focused on compromising tens of thousands of corporate Microsoft 365 accounts.