Online Marketplace Sold Stolen Bank Information: Check Your Accounts
Federal prosecutors charged a man who allegedly ran websites selling stolen financial credentials and tools to steal from American bank customers.
Source
CyberScoop
Original headline: Algerian man charged with running two cybercrime marketplaces
Plain-English summary by GetCyberRight. Read the full report at the source above.
Federal prosecutors have charged Abdellah Belmili, a man from Algeria, with running two illegal websites. These sites allegedly sold stolen financial information, including login credentials for bank accounts. The sites also sold phishing kits, which are tools criminals use to create fake bank websites that trick people into entering their usernames and passwords. The phishing kits specifically targeted major American banks. If you bank with a major American financial institution, your login credentials may have been among those stolen and sold on these marketplaces.
While the exact banks and number of affected customers have not been disclosed, this case involves credentials from multiple major U.S. banks. Anyone who has received suspicious emails appearing to be from their bank, or noticed unauthorized activity on their accounts, could potentially be affected.
Stay one step ahead of scammers
Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.
Here is what you should do right now. First, log into your bank accounts directly by typing your bank's web address into your browser, not by clicking any email links. Check all recent transactions for anything you do not recognize. Second, change your online banking passwords immediately. Make them strong and unique, different from passwords you use anywhere else. Third, enable two-factor authentication on all your bank accounts if you have not already done so. This adds an extra security step when logging in. Fourth, contact your bank directly if you see any suspicious transactions or if you clicked on any links in emails claiming to be from your bank. To stay protected long term, never click links in emails claiming to be from your bank. Instead, always type your bank's website address directly into your browser or use the official mobile app. Be suspicious of any email asking you to verify your account, update your information, or confirm a transaction. Real banks will never ask you to provide your full password or account number via email. Set up account alerts with your bank so you receive text or email notifications for all transactions over a certain amount.
Curated from trusted cybersecurity sources by GetCyberRight
Source: CyberScoopStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles
European Officials to Share New Report on Criminal Networks
Europol will present findings about organized crime threats in Europe. This is an informational report, not an active threat to families.
2 min readEuropol to Release Report on Criminal Networks: What It Means for Online Safety
European law enforcement will present findings about criminal networks on June 26, 2026. This may help families understand current online threats.
2 min read
Critical Cisco Flaw Under Attack: What Business Users Need to Know Now
A newly patched security hole in Cisco's business phone systems is already being exploited by attackers. Here's what you need to know to protect your organization.
3 min read
Old Login Credential Left Behind for Years Leads to Major Data Breach
A four-year-old login credential that should have been deleted gave attackers access to multiple companies' Salesforce customer data in the Klue breach.
3 min read