
FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

31 January 2025 at 13:35

The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname “The Manipulaters,” have been the subject of three stories published here since 2015. The FBI said the main clientele are organized crime groups that try to trick victim companies into making payments to a third party.

One of several current Fudtools sites run by the principals of The Manipulaters.

On January 29, the FBI and the Dutch national police seized the technical infrastructure for a cybercrime service marketed under the brands Heartsender, Fudpage and Fudtools (and many other “fud” variations). The “fud” bit stands for “Fully Un-Detectable,” and it refers to cybercrime resources that will evade detection by security tools like antivirus software or anti-spam appliances.

The Dutch authorities said 39 servers and domains abroad were seized, and that the servers contained millions of records from victims worldwide — including at least 100,000 records pertaining to Dutch citizens.

A statement from the U.S. Department of Justice refers to the cybercrime group as Saim Raza, after a pseudonym The Manipulaters communally used to promote their spam, malware and phishing services on social media.

“The Saim Raza-run websites operated as marketplaces that advertised and facilitated the sale of tools such as phishing kits, scam pages and email extractors often used to build and maintain fraud operations,” the DOJ explained.

The core Manipulaters product is Heartsender, a spam delivery service whose homepage openly advertised phishing kits targeting users of various Internet companies, including Microsoft 365, Yahoo, AOL, Intuit, iCloud and ID.me, to name a few.

The government says transnational organized crime groups that purchased these services primarily used them to run business email compromise (BEC) schemes, wherein the cybercrime actors tricked victim companies into making payments to a third party.

“Those payments would instead be redirected to a financial account the perpetrators controlled, resulting in significant losses to victims,” the DOJ wrote. “These tools were also used to acquire victim user credentials and utilize those credentials to further these fraudulent schemes. The seizure of these domains is intended to disrupt the ongoing activity of these groups and stop the proliferation of these tools within the cybercriminal community.”

Manipulaters advertisement for “Office 365 Private Page with Antibot” phishing kit sold via Heartsender. “Antibot” refers to functionality that attempts to evade automated detection techniques, keeping a phish deployed and accessible as long as possible. Image: DomainTools.

KrebsOnSecurity first wrote about The Manipulaters in May 2015, mainly because their ads at the time were blanketing a number of popular cybercrime forums, and because they were fairly open and brazen about what they were doing — even who they were in real life.

We caught up with The Manipulaters again in 2021, with a story that found the core employees had started a web coding company in Lahore called WeCodeSolutions — presumably as a way to account for their considerable Heartsender income. That piece examined how WeCodeSolutions employees had all doxed themselves on Facebook by posting pictures from company parties each year featuring a large cake with the words FudCo written in icing.

A follow-up story last year about The Manipulaters prompted messages from various WeCodeSolutions employees who pleaded with this publication to remove stories about them. The Saim Raza identity told KrebsOnSecurity they were recently released from jail after being arrested and charged by local police, although they declined to elaborate on the charges.

The Manipulaters never seemed to care much about protecting their own identities, so it’s not surprising that they were unable or unwilling to protect their own customers. In an analysis released last year, DomainTools.com found the web-hosted version of Heartsender leaked an extraordinary amount of user information to unauthenticated users, including customer credentials and email records from Heartsender employees.

Almost every year since their founding, The Manipulaters have posted a picture of a FudCo cake from a company party celebrating its anniversary.

DomainTools also uncovered evidence that the computers used by The Manipulaters were all infected with the same password-stealing malware, and that vast numbers of credentials were stolen from the group and sold online.

“Ironically, the Manipulaters may create more short-term risk to their own customers than law enforcement,” DomainTools wrote. “The data table ‘User Feedbacks’ (sic) exposes what appear to be customer authentication tokens, user identifiers, and even a customer support request that exposes root-level SMTP credentials–all visible by an unauthenticated user on a Manipulaters-controlled domain.”

Police in The Netherlands said the investigation into the owners and customers of the service is ongoing.

“The Cybercrime Team is on the trail of a number of buyers of the tools,” the Dutch national police said. “Presumably, these buyers also include Dutch nationals. The investigation into the makers and buyers of this phishing software has not yet been completed with the seizure of the servers and domains.”

U.S. authorities this week also joined law enforcement in Australia, France, Greece, Italy, Romania and Spain in seizing a number of domains for several long-running cybercrime forums and services, including Cracked and Nulled. According to a statement from the European police agency Europol, the two communities attracted more than 10 million users in total.

Other domains seized as part of “Operation Talent” included Sellix, an e-commerce platform that was frequently used by cybercrime forum members to buy and sell illicit goods and services.

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

16 January 2025 at 16:18

Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to set up convincing lures spoofing toll road operators in multiple U.S. states.

Last week, the Massachusetts Department of Transportation (MassDOT) warned residents to be on the lookout for a new SMS phishing or “smishing” scam targeting users of EZDriveMA, MassDOT’s all electronic tolling program. Those who fall for the scam are asked to provide payment card data, and eventually will be asked to supply a one-time password sent via SMS or a mobile authentication app.

Reports of similar SMS phishing attacks against customers of other U.S. state-run toll facilities surfaced around the same time as the MassDOT alert. People in Florida reported receiving SMS phishing that spoofed Sunpass, Florida’s prepaid toll program.

This phishing module for spoofing MassDOT’s EZDrive toll system was offered on Jan. 10, 2025 by a China-based SMS phishing service called “Lighthouse.”

In Texas, residents said they received text messages about unpaid tolls with the North Texas Toll Authority. Similar reports came from readers in California, Colorado, Connecticut, Minnesota, and Washington. This is by no means a comprehensive list.

A new module from the Lighthouse SMS phishing kit released Jan. 14 targets customers of the North Texas Toll Authority (NTTA).

In each case, the emergence of these SMS phishing attacks coincided with the release of new phishing kit capabilities that closely mimic these toll operator websites as they appear on mobile devices. Notably, none of the phishing pages will even load unless the website detects that the visitor is coming from a mobile device.

Ford Merrill works in security research at SecAlliance, a CSIS Security Group company. Merrill said the volume of SMS phishing attacks spoofing toll road operators skyrocketed after the New Year, when at least one Chinese cybercriminal group known for selling sophisticated SMS phishing kits began offering new phishing pages designed to spoof toll operators in various U.S. states.

According to Merrill, multiple China-based cybercriminals are selling distinct SMS-based phishing kits that each have hundreds or thousands of customers. The ultimate goal of these kits, he said, is to phish enough information from victims that their payment cards can be added to mobile wallets and used to buy goods at physical stores, online, or to launder money through shell companies.

A component of the Chinese SMS phishing kit Lighthouse made to target customers of The Toll Roads, which refers to several state routes through Orange County, Calif.

Merrill said the different purveyors of these SMS phishing tools traditionally have impersonated shipping companies, customs authorities, and even governments with tax refund lures and visa or immigration renewal scams targeting people who may be living abroad or new to a country.

“What we’re seeing with these tolls scams is just a continuation of the Chinese smishing groups rotating from package redelivery schemes to toll road scams,” Merrill said. “Every one of us by now is sick and tired of receiving these package smishing attacks, so now it’s a new twist on an existing scam.”

In October 2023, KrebsOnSecurity wrote about a massive uptick in SMS phishing scams targeting U.S. Postal Service customers. That story revealed the surge was tied to innovations introduced by “Chenlun,” a mainland China-based proprietor of a popular phishing kit and service. At the time, Chenlun had just introduced new phishing pages made to impersonate postal services in the United States and at least a dozen other countries.

SMS phishing kits are hardly new, but Merrill said Chinese smishing groups recently have introduced innovations in deliverability, by more seamlessly integrating their spam messages with Apple’s iMessage technology, and with RCS, the equivalent “rich text” messaging capability built into Android devices.

“While traditional smishing kits relied heavily on SMS for delivery, nowadays the actors make heavy use of iMessage and RCS because telecom operators can’t filter them and they likely have a higher success rate with these delivery channels,” he said.

It remains unclear how the phishers have selected their targets, or from where their data may be sourced. A notice from MassDOT cautions that “the targeted phone numbers seem to be chosen at random and are not uniquely associated with an account or usage of toll roads.”

Indeed, one reader shared on Mastodon yesterday that they’d received one of these SMS phishing attacks spoofing a local toll operator, when they didn’t even own a vehicle.

Targeted or not, these phishing websites are dangerous because they are operated dynamically in real-time by criminals. If you receive one of these messages, just ignore it or delete it, but please do not visit the phishing site. The FBI asks that before you bin the missives, consider filing a complaint with the agency’s Internet Crime Complaint Center (IC3), including the phone number where the text originated, and the website listed within the text.

Melania Trump's life with President Donald Trump: See the photos

1 February 2025 at 04:00

Melania Trump is back in the White House as America’s first lady for a second time — but her life and legacy go beyond her duties as the commander-in-chief's wife.

She made a name for herself even before she met President Donald Trump, when she stepped foot on United States soil at age 26. 

Born Melania Knauss, she came to America from Slovenia in 1996 with "youthful confidence."

"As an adult, there comes a moment when you become solely responsible for the life you lead," she writes in her bestselling memoir, "Melania."

"You must take charge, embrace that responsibility, and become the architect of your own future."

Two years after living in Manhattan, the future Mrs. Trump met the real-estate mogul, Donald J. Trump, at a party while she was still deep into her modeling career.

"He wanted my number, but he was with a date, so of course I didn’t give it to him," the first lady said in a 2016 interview with Harper’s Bazaar.

"I said, ‘I am not giving you my number; you give me yours, and I will call you.’ I wanted to see what kind of number he would give me — if it was a business number, ‘What is this? I’m not doing business with you.’"

The future president gave her all of his phone numbers, from numbers at Mar-a-Lago to his New York home — and within a week, she gave him a ring.

"I was struck by his energy… He has an amazing sense of vitality," Melania Trump told the magazine.

The next few years involved the finalization of Trump’s second divorce and a brief split between the happy couple, but they eventually reunited, she has said in interviews. 

In 2004, Trump proposed to the future first lady at one of the biggest nights in New York City: the Met Gala.

The next year, the Trumps said "I do" at a most luxurious wedding, which was publicly described as being fit for royalty — from the stunning gown worn by the bride to the exquisite reception at Mar-a-Lago.

While the $100,000 Christian Dior wedding gown, 10,000 flowers on display and chefs serving caviar with Cristal champagne may have been highlights of the evening, Melania Trump said she felt like any other bride when she walked down the aisle.

"Although my wedding was grand in scale … what I felt in my heart was what every other bride feels on her special day. The pressure to ensure everything went smoothly was certainly real, but ultimately, my primary focus was celebrating Donald and my love and commitment, surrounded by my loved ones," she wrote in her memoir.

On March 20, 2006, the first lady gave birth to the couple's son, Barron William Trump.

In the midst of raising Barron, she continued to find other ways to work, in order to set a good example for her son.

"It’s very important that we show our children that we are working, too. To give them an example [of] how life is," she said in an exclusive interview with "Fox & Friends." 

"That they see us as productive. We have ideas and these ideas come to life," she said. 

After 10 years of raising her son, being the wife of a business mogul and working on her own endeavors, a new title was added to her long list of achievements: first lady of the United States.

She said she had no idea she would become a prominent figure in the political spotlight when she came to America. 

"I think nothing prepared me more to be first lady in front of the world than the fashion industry… It's glamorous, but it's at the same time very tough," Melania Trump shared in her interview with "Fox & Friends."

"Everybody judges you, [looks] at you a certain way … It can be a mean world as well. So nothing prepared me more for this world than fashion. It gives you a thick skin."

During her time as first lady, she has been an avid supporter of America's military, saying, "Supporting our military is a fundamental belief of mine," Fox News Digital previously reported.

Her love and respect for this country was also clearly on display as she worked to preserve the executive mansion, seeing it as her way of "contributing something lasting and beautiful to the American people, transcending politics and partisanship."

Having already served the country in this role, she knows what is expected of a first lady. 

That previous experience is an advantage she will be able to use for the next four years.

"I have much more experience, much more knowledge. I was in the White House before. So when you go in, you know exactly what to expect. You know what kind of people you need to get," she told "Fox & Friends."

She has an understanding of this role and said she's filled with great pride — writing in her memoir that she has a "stronger sense of duty to use my platform as first lady for good."

Are your Prayers Answered

By: danwillie
20 November 2024 at 10:53
External Truths

Thank you Lord for answering and protecting our leaders in these very tumultuous times and I continue praying for our leaders to grant them protection and wisdom as we put the new president in place.

Man proposes to girlfriend mid-flight while thousands of feet in the air

12 January 2025 at 14:33

A man decided to take his relationship to the next level and to brand-new heights by proposing to his girlfriend mid-flight.

Sam Riber, a 34-year-old CEO from Pennsylvania, took inspiration from the Adam Sandler and Drew Barrymore movie, "The Wedding Singer," to propose to his now-fiancée, Lissy Alden, 37.

The Philadelphia resident first met Alden, owner of mental and organizational fitness provider MYNDY, at a Shabbat dinner early last year. The two immediately felt a connection, as news agency SWNS reported.

"I almost didn't go to that Shabbat dinner in February because I was tired, but my mom told me I needed to eat … I'm so glad I went," Alden told SWNS.

"We have both dated a lot before, so when we both felt it was really right, we didn't want to have to wait," he said. 

Nearly eight months passed by and Riber had already started coming up with a plan to propose to his girlfriend.

While on a flight to Mexico for Alden's birthday, Riber took that moment as an opportunity to get down on one knee while thousands of feet in the air, SWNS reported.

Riber and Alden are both film lovers — so the CEO decided that he wanted to recreate a scene from the 1998 comedy film.

Without Alden noticing, Riber was able to smuggle a prop guitar onto the plane and work in secret codewords with the flight attendants to pull off the surprise proposal, SWNS said. 

Alden and her then-boyfriend were halfway through their flight from North Carolina to Mexico City on Dec. 24, Christmas Eve. 

That's when Riber pulled out his prop guitar and serenaded her with the same song Sandler's character sang when he proposed to Barrymore's character in the movie "The Wedding Singer" — "Grow Old With You."

The fitness founder responded to the life-changing moment with a resounding, "Yes!"

"It was such a special moment," Riber told the news organization.

"I almost couldn't believe it all worked out."

While Riber has been a fan of the movie for years, his now-fiancée was not as familiar with the movie.

"Lissy had never seen it, so I had to find a way to introduce it to her without giving anything away," the Pennsylvania CEO said. 

"I managed to casually suggest a movie night. She went for it and luckily she absolutely loved the film, same as me," he said. "We've since sung versions of that song to each other because we often quote or act out movies to entertain each other, but she had no clue about my wider plan."

Riber was able to pull off the entire proposal without a hitch, thanks to the support of the flight attendants.

"I was lucky enough to have the support of the flight attendants, especially Teri Ramirez, who you see helping me with the PA system," Riber said.

"The team went above and beyond to help, even introducing our code word 'juice' so I would know when to go up and grab the guitar they'd been hiding for me."

Alden initially thought the excitement on the flight had to do with her birthday, since Riber had already started to celebrate by bumping them up to first class, SWNS added.

"Although I had no idea he was going to propose then and there, we had talked about a future, so it wasn't completely out of the blue," the MYNDY owner shared.

"But, when he got down on one knee, I realized what was happening and just felt so happy."

Reflecting back on the magical moment in the sky, Alden called the experience "a peak life moment."
