Hundreds of online shops have been hacked to show fake product listings in major phishing scam

News
By published

Victims have already lost tens of millions of dollars

Fraud
Image Credit: Shutterstock (Image credit: Gustavo Frazao / Shutterstock)

Hackers have been compromising online shops, redirecting people to copycat websites, and stealing both their data and their money there, experts have warned.

The scam, dubbed ‘Phish ‘n’ Ships’ by the Satori Threat Intelligence team from HUMAN which uncovered it, stole tens of millions of dollars until it was finally discovered and stopped.

Phish ‘n’ Ships most likely started in 2019. The crooks would break into legitimate online stores in different ways - leveraging n-day vulnerabilities, server misconfigurations, easy-to-guess passwords, or in other ways. Once they gain access, they would upload multiple scripts which would allow them to upload fake product listings.

Disrupting the campaign

The listings would come with SEO-friendly metadata, to make sure they are easy to find through search engines. The fake products, usually for hard-to-find items such as the Nintendo power glove oven mitt, would lead the victims away from the legitimate stores, and through a series of redirects, which end on a copycat website imitating the original, legitimate store.

There, the victims go through a checkout process, giving away not just sensitive information, but also money, to the attackers.

Satori says that “thousands” of legitimate websites were compromised this way, and “hundreds of thousands” of people victimized. The damages are being counted in tens of millions of dollars.

To make matters worse, the crooks were withdrawing the money with no problem, for years. However, Satori’s researchers managed to notify almost all of the victimized websites, and with the help of Google, removed all malicious listings from search engine results.

Finally, the payment processors who were facilitating the cashouts were also notified, and the accounts were banned.

While this means the campaign is disrupted, the researchers believe it’s not completely destroyed. Since no arrests were made, they believe it is only a matter of time before the crooks start rebuilding the network all over again. As we approach the holiday season, it is essential consumers remain vigilant and only shop on reputable websites.

Via BleepingComputer

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A man looking at a tablet with a brown Best Buy package on the desk in front of him
Huge Christmas data breach - 14 million shipping records leaked, putting shoppers at risk
A person holding a credit card in one hand while typing on a laptop keyboard with the other.
European Space Agency hack sees official store hijacked to steal customer details
Someone checking their credit card details online.
Hackers use CAPTCHA scam in PDF files on Webflow CDN to get past security systems
Concept art representing cybersecurity principles
Cybercriminals cashing in on holiday sales rush
Casio logo
Casio’s online store hit by bogus credit card stealing checkout form
A person holding a credit card in one hand while typing on a laptop keyboard with the other.
WordPress users targeted by devious new credit card skimmer malware
Latest in Security
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
Latest in News
Robert Downey Jr reveals himself as Doctor Doom to a delighted crowd at San Diego Comic-Con 2024
Marvel is currently making a major announcement about the MCU, and I think we're getting an official Avengers: Doomsday cast reveal
Nintendo Switch Lite
Forget the Nintendo Switch 2, the original Switch is getting one last hurrah in a surprise Nintendo Direct tomorrow
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
Samsung Galaxy S25 Edge colors seemingly revealed in new video, and there’s another sign of an imminent launch
Microsoft Copiot Studio deep reasoning and agent flows
Microsoft reveals OpenAI-powered Copilot AI agents to bosot your work research and data analysis
Image of Naoe in AC Shadows
Assassin's Creed Shadows best graphics settings for PS5, PS5 Pro, and Xbox Series X
Promotional image for Malcolm in the Middle featuring the original cast playing golf
Malcolm in the Middle's Disney+ revival gets underway as the series finds its cast – here's which characters are returning
More about security
Representational image depecting cybersecurity protection

Third-party security issues could be the biggest threat facing your business
Android Logo

Devious new Android malware uses a Microsoft tool to avoid being spotted
Microsoft Copiot Studio deep reasoning and agent flows

Microsoft reveals OpenAI-powered Copilot AI agents to bosot your work research and data analysis
See more latest
Most Popular
Microsoft Copiot Studio deep reasoning and agent flows
Microsoft reveals OpenAI-powered Copilot AI agents to bosot your work research and data analysis
Nissan 2026 line-up
Nissan is back to its bold best with new EV lineup that's led by a third-generation Leaf – and yes, it's an SUV
Nintendo Switch Lite
Forget the Nintendo Switch 2, the original Switch is getting one last hurrah in a surprise Nintendo Direct tomorrow
Image of Naoe in AC Shadows
Assassin's Creed Shadows best graphics settings for PS5, PS5 Pro, and Xbox Series X
Robert Downey Jr reveals himself as Doctor Doom to a delighted crowd at San Diego Comic-Con 2024
Marvel is currently making a major announcement about the MCU, and I think we're getting an official Avengers: Doomsday cast reveal
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
Promotional image for Malcolm in the Middle featuring the original cast playing golf
Malcolm in the Middle's Disney+ revival gets underway as the series finds its cast – here's which characters are returning
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
Samsung Galaxy S25 Edge colors seemingly revealed in new video, and there’s another sign of an imminent launch
Group of people meeting
Inflexible work policies are pushing tech workers to quit
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Thursday, March 27 (game #655)