On January 29, 2025, law enforcement agencies in the U.S. and the Netherlands executed a significant operation targeting a network of online fraud marketplaces that had been operating under the control of Saim Raza, also known as HeartSender. This coordinated effort led to the shutdown of 39 domains and their associated servers. The websites were used to sell phishing toolkits and fraud-enabling programs, which had been utilized in business email compromise (BEC) schemes, resulting in financial losses exceeding $3 million.
Since 2020, Raza’s marketplace had sold various cybercriminal tools, such as phishing kits, email extractors, and scam pages, which were widely distributed to organized crime groups. These tools were specifically designed to help criminals carry out large-scale phishing attacks and steal login credentials, further enabling fraudulent activities. Raza even took it a step further by providing instructional content to assist individuals in using these malicious tools effectively.
The operation, named Operation Heart Blocker, was a direct response to the significant harm caused by these platforms, which attracted thousands of criminal users.
Law enforcement has emphasized that these tools made it easier for cybercriminals to perpetrate fraud without requiring advanced technical expertise. By dismantling these domains, authorities aim to disrupt the operations of the group, known for facilitating digital fraud on a massive scale.
As part of the operation, users whose credentials may have been compromised by these platforms are encouraged to visit the police’s dedicated site to check whether they were affected. This action follows other significant takedowns, including the shutdown of marketplaces such as Cracked, Nulled, and StarkRDP, further demonstrating the global commitment to combating online crime.