The U.S. government has seized the 'web3adspanels.org' domain and the associated database used by cybercriminals to host bank login credentials stolen in account takeover attacks.

Cybercriminals collected the credentials in phishing campaigns targeting American citizens through fraudulent ads on Google and Bing search services that led to fake banking portals.

The confirmed financial loss from this activity is estimated at $14.6 million. However, the FBI has determined that the attempted losses through this scheme were around $28 million.

"To date, the FBI has identified at least 19 victims throughout the United States, including two companies in the Northern District of Georgia, whose bank accounts have been compromised through this account takeover scheme, resulting in attempted losses of approximately $28 million dollars and actual losses of approximately $14.6 million dollars," the Department of Justice says.

"The seized domain hosted a server that contained the stolen login credentials of thousands of victims, including the credentials of the victims mentioned above."

During the investigation, the FBI uncovered that the seized domain was used to host a backend server that was active as recently as November.

The seizure was carried out with assistance from Estonian law enforcement and other international partners.

The domain now shows a law enforcement banner informing that it is under the control of authorities.

Authorities have not made any arrests but the investigation may reveal clues leading to the operators.

Since January, the FBI’s Internet Crime Complaint Center has received more than 5,100 complaints related to bank account takeovers, with reported losses exceeding $262 million.

Online banking users are recommended to bookmark official banking portals instead of searching on Google or Bing, or use ad blockers that hide promoted results entirely.