The DOJ reports that the 13 disabled domains used AI-generated images and encrypted applications as part of the deception scheme. The methods were allegedly intended to make the recruitment effort look credible to targets.

In their announcement, the DOJ and FBI describe how the disabled domains used multiple deception components to improve the credibility of the scheme. The release says the operation relied on AI-generated images and encrypted applications to present persuasive personas and to facilitate controlled interactions with victims.

The use of AI-generated visuals is significant because it can help scammers quickly create realistic-looking materials that mimic legitimate communications or branded opportunities. Combined with an impersonation strategy, the images can reduce friction for victims deciding whether to trust an online approach. The DOJ/FBI release also references encrypted applications, which may be used to conceal malicious behavior, protect the attacker’s tooling, or restrict analysis. Even when the initial lure appears benign, the downstream encrypted tooling can enable further compromise, such as collecting information, redirecting victims, or installing harmful components.

By disabling the 13 domains, the government disrupted the attackers’ ability to deliver these deception assets and maintain the infrastructure needed for continued targeting. The takedown therefore works at two levels, the entry point and operational continuity: it prevents new victims from reaching the fake infrastructure and limits the attackers’ capacity to scale or iterate the deception campaign. This case fits a broader pattern of government-linked online scams where credibility engineering (AI content) and technical concealment (encryption) combine to increase success rates.