Shopping scam sprawled across thousands of websites, bilked ‘tens of millions of dollars’

Avatar

Crooks potentially defrauded hundreds of thousands of consumers by hacking legitimate shopping websites and redirecting people to fake online shops that sold hard-to-find items but never shipped them, according to cybersecurity researchers.

The long-running scheme involved malicious code that “creates fake product listings and adds metadata that puts these fake listings near the top of search engine rankings for the items, making them an appealing offer for an unsuspecting consumer,” Satori Threat Intelligence said Thursday.

Clicking on one of those links sent victims to another website, controlled by the cybercriminals, where “one of four targeted third-party payment processors collects credit card info and confirms a ‘purchase’, but the product never arrives.”

The researchers — a unit of cybersecurity company HUMAN — said they were able to largely disrupt the operation by notifying the affected payment processors and law enforcement. The scheme, labeled “Phish ‘n’ Ships,” dates back to at least 2019, and the threat actors used Simplified Chinese in their internal tools, the report said.

Authorities have been warning consumers about such scams for years. Earlier in 2024 a German company, Security Research Labs, reported on a similarly large operation, dubbed BogusBazaar. Phish ‘n’ Ships has some elements in common with that one, Satori’s analysts said. Security Research Labs said BogusBazaar appeared to have China as its main operating hub.

The Phish ‘n’ Ships scammers “infected more than 1,000 websites to create and promote fake product listings and built 121 fake web stores to trick consumers,” the Satori researchers said. The damage tallies up to “losses of tens of millions of dollars over the past five years, with hundreds of thousands of consumers victimized.”

The researchers say that despite the current disruptions, the operation is an active and ongoing threat, although the fraudsters appear to “have been forced to hunt for new methods.”

The affected consumers often are searching for niche items with limited supplies, the researchers said, citing oven mitts that look like Nintendo’s Power Glove video game accessory from the 1980s. One sham website listed them for about $60.

News BriefsNewsCybercrime
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Joe Warminsky

is the news editor for Recorded Future News. He has more than 25 years experience as an editor and writer in the Washington, D.C., area. Most recently he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.

 

Total
0
Shares
Previous Post

FBI: Iranian cyber group targeted Summer Olympics with attack on French display provider

Next Post

Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned

Related Posts

Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining

The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. "The group is currently targeting exposed Docker daemons to deploy Sliver malware, a cyber worm, and cryptominers, using compromised servers and Docker Hub as the infrastructure
Avatar
Read More