A cybersecurity report says hackers compromised government and university websites to host fake OnlyFans pages, redirecting users to scams, malware and fraudulent platforms. UpGuard said the campaign affected over 2,000 domains across nearly 80 countries.

Hackers Abuse Government And University Websites In Fake OnlyFans Scam

The420 Correspondent
3 Min Read

New Delhi | A new cybersecurity report has revealed that hackers are exploiting compromised government and university websites to host fake OnlyFans pages as part of a large-scale global cyber campaign. According to cybersecurity firm UpGuard, the operation has affected more than 2,000 domains across nearly 80 countries, using trusted websites to lure users into online scams and malicious content.

The report states that cybercriminals first identify security vulnerabilities in government (.gov) and educational (.edu) websites before creating fake webpages impersonating OnlyFans creators. These pages are designed with misleading titles such as “Leaked OnlyFans” or “Biggest Leak Yet” to improve their visibility in search engine results and attract unsuspecting users.

Registration Begins for FutureCrime Summit 2026, India’s Largest Cybercrime Conference

Once users click on these links, they are redirected to suspicious websites that may promote fraudulent dating services, phishing campaigns, financial scams, or malware downloads instead of legitimate content.

According to the report, more than 384,000 Digital Millennium Copyright Act (DMCA) takedown requests linked to government and academic websites have been submitted over the past 15 years. Google has reportedly removed approximately 130,000 URLs from its search results following such requests.

The campaign came to light after copyright enforcement notices submitted by OnlyFans content creators highlighted the widespread misuse of trusted institutional websites. Researchers said the notices helped identify a significant number of compromised domains hosting fraudulent content.

The report indicates that websites in India, Bangladesh, Colombia, Nigeria, Peru, the United States, and several other countries have been affected, suggesting that the campaign is part of a coordinated international cyber operation rather than a region-specific attack.

A Researcher at Algoritha Security said cybercriminals increasingly target trusted government and educational domains because users and search engines generally consider them more credible than ordinary websites. According to the researcher, organisations should conduct regular security audits, promptly apply software patches, continuously monitor web infrastructure for unauthorised changes, and strengthen access controls to reduce the risk of website compromise.

Cybersecurity experts have also advised users to remain cautious when opening unexpected search results, even if they appear to originate from government or educational websites, and to avoid downloading files or entering personal information on unfamiliar webpages.

The findings underscore the growing sophistication of cybercriminals in abusing trusted digital infrastructure to distribute scams and malicious content. Organisations worldwide continue to strengthen website security measures as investigations into similar campaigns remain ongoing.

About the author — Suvedita Nath is a science student with a growing interest in cybercrime and digital safety. She writes on online activity, cyber threats, and technology-driven risks. Her work focuses on clarity, accuracy, and public awareness.

Stay Connected