Fraud Education and Prevention Articles

Is Your Old Router Exposing You to Fraud?

Sep 25, 2025

Could your trusty home Wi-Fi router be a secret accomplice to international cybercriminals?

Preposterous as it sounds, that's exactly what some Oklahomans learned to be true. In May 2025, the FBI announced indictments against four foreign nationals for infecting older-model routers all over the world — including business and residential routers in Oklahoma — and selling access to them for fees ranging from $10 to $100 per month.1

The illicit business was a criminal proxy service, which both enables others to conceal cybercrime and is a crime itself. Officials said it appeared to be functional for more than 20 years and generated more than $46 million.

Could your router be next? Consumer Reports survey data indicates that 20% of consumers wait more than four years to replace their router, despite many tech companies' recommendations of replacing routers every three to four years.2 A 2018 study found that 83% of analyzed household routers had vulnerabilities to potential cyberattacks.3 The Cybersecurity and Infrastructure Security Agency (CISA) recommends how to secure your Wi-Fi.

Here's what every connected household should know about criminal proxy services and the risks of older routers.

How Criminal Proxy Services Work

An important step in getting away with cybercrime is figuring out how to hide your digital footprints. That is a criminal proxy service's offering.

Here's how it works:

A cybercriminal identifies vulnerable Wi-Fi routers and infects them with malware — malicious software. One well-known malware used for this purpose is called TheMoon, which the FBI first found on routers in 2014 and continues to warn consumers about.4 It not only infects vulnerable routers (and has no trouble getting around passwords), it also scans the area for more vulnerable routers to infect. In 2024, one TheMoon attack reportedly infected 6,000 routers in 72 hours.5

The infected routers create a network, called a botnet. After the scammer has infected enough routers, they then sell access to their router network to those who want to conceal their location doing certain things online. Often, those things are cybercrimes. When officials attempt to track the location of one of these crimes, it appears to have originated in the infected router instead of the criminal's location.

If Your Router Is Infected, Should You Even Care?

Though a cybercriminal having access to your home router is undoubtedly creepy, is it harmful? While direct harm to the victim is less likely, indirect harm is almost certainly happening if your router is infected.

Direct Harms to Victims

The owner of the router isn't the primary financial fraud target in a criminal proxy service scam. After all, the criminal offering access to those hijacked routers is incentivized to stay hidden. This could be why malware complaints are at the bottom of the FBI Internet Crime Complaint Center's list, with just 441 complaints in 2024.6

However, the router is definitely vulnerable. Potential direct harms include the infected router:7

Redirecting your computer from an intended web address to one that steals your credentials.
Tricking you into installing malware on your computer.
Conducting man-in-the-middle attacks to steal sensitive information in otherwise secure and encrypted connections.
Infecting other devices in your network and invading your home's privacy through your connected home devices.
Hosting a cybercrime that appears to investigators to have originated at your home.8

In 2024, one malware attack reportedly infected 6,000 routers in 72 hours.

Many responsible citizens may also be concerned about their infected router's intended use, which is harm to others, including:

Being corralled into a botnet to launch massive attacks against websites or even infrastructure.7
Being used for covert cryptocurrency mining that funds illicit activities.
Committing any range of cybercrimes against others.

How to Know If Your Router Is Vulnerable

For many people, a Wi-Fi router is like plumbing: You just don't think about it until there's a problem. And the red flags for a problematic router can be less obvious than an overflowing toilet. If your router is part of a criminal proxy service operation — or could potentially come one — you may not even know it. Instead of waiting for a sign, take the following steps to gauge your router's vulnerability:

Identify your router's age. It's difficult to pin down the exact age at which routers start becoming vulnerable. While tech companies may recommend replacing routers every three to four years, they also profit when consumers replace routers sooner rather than later.2 An FBI warning about end-of-life routers defines outdated routers as those from 2010 or earlier — a whopping 15 years old.4 Other experts recommend five years as a default expiration date.

Check with the router manufacturer for updates. Some tech companies keep a list of end-of-life devices. Even if they don't, they should have info on the last time they sent a firmware update to your model. If it's been months (or years), it's likely no longer supported.

Take poor performance seriously. Sluggish loading, disrupted streaming and dropped connections are all signs your router may be past its prime.

How to Protect Yourself

The FBI recommends that internet users take the following steps to protect themselves against becoming, or continuing to be, a victim of a criminal proxy services operation:4

If your router is old enough to be a concern, replace it.
Check for firmware updates and security patches through your router's manufacturer, and if they haven't been installed automatically, apply them immediately.
Log in to your router settings and disable remote management/remote administration, save the change and reboot the router.
Use strong passwords. While some malware can get around any passwords, some rely on password breaking.
Apply all security and firmware updates on all devices that are connecting to the router.

It may be hard to know if you're a victim of a criminal proxy service operation, but there are certainly many ways to help avoid becoming one. To keep your home — and the world around you — more secure, it's worthwhile to lock down your router's security.

If you believe you've been targeted by any cyber scam, file a report with both the Federal Trade Commission and the FBI's Internet Crime Complaint Center.9 10 To further protect yourself and your finances from harm, follow the steps outlined in our article, "What to Do if You Are a Victim of Fraud."

Recent

How Cryptocurrency ATM Scams Work
There's a new fraud in town. Cryptocurrency ATMs are appearing across the U.S., and scammers are using them to defraud thousands of victims.
Shhh! Don’t Tell Anyone That Access Code!
One-time access codes are for account owners' eyes only, but scammers are tricking victims into sharing them. Learn how this fraud works.
Scammers Target Current and Former Military Members: Here's How to Stay Safe
Military members often are targeted by scammers for financial fraud.
The Holidays Are Scam Season: Top End-of-Year Frauds to Avoid
Scammers work extra hard to get on the naughty list during the holidays. Stay alert for these common end-of-year scams this holiday season.

How Cryptocurrency ATM Scams Work
There's a new fraud in town. Cryptocurrency ATMs are appearing across the U.S., and scammers are using them to defraud thousands of victims.
Shhh! Don’t Tell Anyone That Access Code!
One-time access codes are for account owners' eyes only, but scammers are tricking victims into sharing them. Learn how this fraud works.

Important disclosure information

Asset allocation and diversifications do not ensure against loss. This content is general in nature and does not constitute legal, tax, accounting, financial or investment advice. You are encouraged to consult with competent legal, tax, accounting, financial or investment professionals based on your specific circumstances. We do not make any warranties as to accuracy or completeness of this information, do not endorse any third-party companies, products, or services described here, and take no liability for your use of this information.

U.S. Attorney's Office, Northern District of Oklahoma, "Botnet Dismantled in International Operation, Russian and Kazakhstani Administrators Indicted," published May 9, 2025. Accessed August 21, 2025. Back
Nicholas De Leon, "How to Tell When It's Time to Replace Your Router," Consumer Reports, published April 30, 2021. Accessed August 21, 2025. Back
The American Consumer Institute Center for Citizen Research, "Securing IoT Devices: How Safe Is Your Wi-Fi Router?" published September 2018. Accessed August 21, 2025. Back
Federal Bureau of Investigation, "Cyber Criminal Proxy Services Exploiting End of Life Routers," FBI Internet Crime Complaint Center, published May 7, 2025. Accessed August 21, 2025. Back
Bill Toulas, "TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service," Bleeping Computer, published March 26, 2024. Accessed August 21, 2025. Back
Federal Bureau of Investigation, "Internet Crime Report 2024," FBI Internet Crime Complaint Center, published April 23, 2025. Accessed August 21, 2025. Back
Tomáš Foltýn, "New Year’s resolutions: Routing done right," We Live Security, published January 17, 2019. Accessed August 21, 2025. Back
Federal Bureau of Investigation, "Inside the FBI Podcast: The 911 S5 Cyber Threat," FBI Video Repository, published June 11, 2024. Accessed August 21, 2025. Back
Federal Trade Commission, "Report Fraud," accessed August 21, 2025. Back
FBI, "File a Complaint," Internet Crime Complaint Center, accessed August 21, 2025. Back