Government websites across 80 countries exploited for fake OnlyFans scams: Report
A new UpGuard report reveals that hackers have compromised more than 2,000 government and university websites across 80 countries to host fake OnlyFans leak pages. The campaign uses trusted .gov and .edu domains to rank higher in Google Search and redirect users to scam and potentially malicious websites.
Published By: Deepti Ratnam | Published: Jul 09, 2026, 01:20 PM (IST)
According to a new cybersecurity report, hackers and fraudsters are increasingly hijacking trusted government and university websites. They are targeting users and luring them to search for leaked 'OnlyFans' content. The report was published by UpGuard about a campaign that targeted and affected more than 2,000 domains across 80 countries. This is one of the biggest examples of how cybercriminals are exploiting the credibility of official websites. Hackers are targeting users to spread scams and malicious content.
The report was first disclosed by WIRED, wherein it was revealed that attackers are using compromised .edu and .gov websites. This is happening to make websites rank higher in Google Search results. The fake pages are created in such a way that they appear more trustworthy to users and they don't suspect them.
This is how scam works and uses are targeted?
The attackers exploit trusted government and university websites, then make pages under popular OnlyFans creators' names, UpGuard reports. These pages will be optimized to be displayed prominently in Google search with catchy titles, for instance "Leaked OnlyFans" or "Biggest Leak Yet."
Rather than serving up pirated material, the pages host users onto dubious websites that advertise online dating, phishing, fake offers, or even perhaps unsafe software downloads.
The use of well-known government and educational sites makes it more likely that users will click on the links due to their trust and higher search rankings.
Increasing copyright complaints exposed hacked websites
Researchers have helped identify the campaign with the help of copyright enforcement.
By issuing copyright takedown requests, OnlyFans creators are inadvertently disclosing unsafe government websites, according to UpGuard's Director of Research Greg Pollock, who told WIRED. As creators find fake pages under their names, they complain to Google to take down the search results, leaving a trail that researchers could follow.
The goal of these types of copyright complaints is to not identify a particular site, but to provide evidence of a compromised site in a variety of countries.
Takedown requests are analyzed
The researchers analyzed takedown notices for Google between 2011 and today via the company's transparency report and the Harvard University's Lumen database.
They discovered over 384,000 copyright takedown requests for government and educational web sites.
Affected domains were found in the affected countries, including India, Bangladesh, Colombia, Nigeria, Peru, and the United States, in dozens.
It seems Google has scrubbed almost 130,000 URLs associated with this campaign from its search results, but many of these compromised sites may be still be online or still being exploited.
Government websites are being targeted
Government and university sites are great targets, since there is a lot of trust that is generated by people and search engines alike.
If the page is located on a government domain, it will be on the front page of the search engine's results, while a new malicious site is less likely to be visible in search results. When used maliciously, this can be a tool for attackers to get more people to visit scam sites without having the reputation of an unknown domain.
This campaign also serves to highlight the fact that cybercriminals are getting more sophisticated, moving from producing fake sites to exploiting existing sites that have a strong online reputation.
Cybersecurity challenge is growing
In addition to copyright infringement, the results point to a larger cyber security problem for public institutions around the world.
Government departments and educational institutions may have numerous websites that can become hard to detect if a site has been compromised. If security auditing, timely software updates, and ongoing surveillance are not performed, an attacker can exploit the vulnerabilities and sneak in malicious code for long periods of time.
Organizations should regularly check their sites for unauthorized pages, patch up known vulnerabilities, and tighten security on access to minimize compromise risks, security experts say.
Why you need to be alert
The report is a reminder that even trusted government and university websites are not necessarily safe.
Users should be aware of the risks of searching for leaked, pirated content, which is often a scammer's target. It also highlights the importance of robust cybersecurity measures for public institutions, as they are fragile and vulnerable to being exploited by attackers who exploit the trust that comes with a government domain.
Cybercriminals are always working on new tricks to get the information that they want, and the incident shows that even online websites' credibility is not a reliable sign of online safety.
Get latest Tech and Auto news from Techlusive on our WhatsApp Channel, Facebook, X (Twitter), Instagram and YouTube.