The U.S. Department of Justice announced seizure of dozens of domains tied to an online marketplace selling phishing kits and other fraud‑enabling tools to transnational criminal groups. Authorities said the marketplaces facilitated phishing, credential harvesting and scams that resulted in millions in victim losses.

In a coordinated enforcement action announced on January 30, 2025, the U.S. Department of Justice seized dozens of internet domains used to market and distribute phishing kits, credential‑harvesting toolsets and other cybercrime enabling services. Investigators described the websites as virtual marketplaces where developers sold turnkey phishing templates, automated tooling and operational support to transnational criminal groups that then deployed campaigns targeting businesses and consumers worldwide. The DOJ said the infrastructure enabled large‑scale credential theft, business email compromise attempts and widespread spoofing campaigns that have produced millions of dollars in reported losses and facilitated countless fraud incidents. The operation targeted not only the storefront domains but also seized administrative control and worked with hosting providers, registrars and international partners to disrupt back‑end operations. Officials framed the action as a strategic strike against the supply chain of cybercrime, emphasizing that removing commercialized tooling raises the bar for opportunistic criminals and complements victim outreach, industry cooperation, and criminal prosecutions to deter future large‑scale phishing campaigns.