Hundreds of online shops have been hacked to show fake product listings in major phishing scam


Hackers have been compromising online shops, redirecting people to copycat websites, and stealing both their data and their money there, experts have warned.

The scam, dubbed ‘Phish ‘n’ Ships’ by the Satori Threat Intelligence team from HUMAN, which uncovered it, stole tens of millions of dollars until it was finally discovered and stopped.

Phish ‘n’ Ships most likely started in 2019. The crooks would break into legitimate online stores in different ways, including by leveraging n-day vulnerabilities, server misconfigurations, and easy-to-guess passwords. Once they gained access, they would upload multiple scripts that allowed them to upload fake product listings.

Disrupting the campaign

The listings would come with SEO-friendly metadata to make sure they were easy to find through search engines. The fake listings, usually for hard-to-find items such as the Nintendo power glove oven mitt, would lead the victims away from the legitimate stores and through a series of redirects ending on a copycat website imitating the original, legitimate store.

There, the victims would go through a checkout process, giving away not just sensitive information, but also money, to the attackers.

Satori says that “thousands” of legitimate websites were compromised this way, and “hundreds of thousands” of people victimized. The damages are being counted in tens of millions of dollars.

To make matters worse, the crooks were withdrawing the money with no problem, for years. However, Satori’s researchers managed to notify almost all of the victimized websites, and with the help of Google, removed all malicious listings from search engine results.

Finally, the payment processors who were facilitating the cashouts were also notified, and the accounts were banned.

While this means the campaign is disrupted, the researchers believe it’s not completely destroyed. Since no arrests were made, they believe it is only a matter of time before the crooks start rebuilding the network all over again. As we approach the holiday season, it is essential that consumers remain vigilant and only shop on reputable websites.

Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.