AMSTERDAM - Authorities seized servers and domains linked to a cybercrime group accused of selling phishing tools used in large-scale online fraud, Dutch police announced Wednesday. 

The January 29 operation, carried out by the FBI and Dutch cybercrime investigators, targeted a criminal network that sold phishing software through illicit online marketplaces. The group allegedly operated a range of fraudulent services, including email spam tools, fake login pages, and credential-stealing software. 

Investigators from the Oost-Brabant Cybercrime Unit began their probe in late 2022 after discovering phishing software on a suspect’s computer in a separate case. Simultaneously, U.S. authorities were conducting their own investigation into the same group. The parallel efforts led to “Operation Heart Blocker,” culminating in the takedown of 39 servers and multiple domains used to facilitate cybercrimes. 

According to investigators, the network operated like a full-fledged business, promoting its services through platforms such as YouTube. Cybercriminals could purchase tools designed to send mass phishing emails, steal login credentials, and compromise online accounts. In addition, the group sold access to hacked web servers, email services, and WordPress accounts, providing criminals with infrastructure to carry out further attacks. Authorities estimate that thousands of cybercriminals worldwide used these services, fueling online fraud on a global scale. 

While police successfully disrupted the group’s operations, the investigation is far from over. Dutch cybercrime investigators have identified multiple buyers of the phishing tools, including possible suspects in the Netherlands. Authorities are now focusing on tracking down those who purchased and used the stolen data. 

Police recovered millions of stolen credentials in the seized data, including approximately 100,000 Dutch usernames and passwords. Victims may have unknowingly had their login information compromised and used for fraudulent activities. 

Police launch support tool 

Dutch police have launched an online tool where users can check whether their email address was among the stolen credentials. Victims who find their email in the database will receive security tips and guidance on how to protect their accounts. 

The consequences of compromised credentials can be severe. Criminals gaining access to email accounts can use them to send phishing emails to a victim’s contacts, making fraudulent messages appear more legitimate. They can also reset passwords for online shopping accounts, potentially making unauthorized purchases. 

Hacked web server and WordPress accounts pose an even greater risk, as criminals can take control of websites and use them to distribute malware or conduct further phishing attacks. 

Authorities urge anyone who may have been affected to immediately change their passwords and enable two-factor authentication. Victims of cybercrime are encouraged to report incidents to the police, as every report helps investigators build cases against criminals and prevent further attacks. 

“This investigation shows that we can seriously disrupt cybercriminal operations, but we need the public’s help,” police said in a statement. “Every report provides valuable information that helps us track down offenders and prevent new victims.”