Shopping scam sprawled across thousands of websites, bilked ‘tens of millions of dollars’

Crooks potentially defrauded hundreds of thousands of consumers by hacking legitimate shopping websites and redirecting people to fake online shops that sold hard-to-find items but never shipped them, according to cybersecurity researchers.

The long-running scheme involved malicious code that “creates fake product listings and adds metadata that puts these fake listings near the top of search engine rankings for the items, making them an appealing offer for an unsuspecting consumer,” Satori Threat Intelligence said Thursday.

Clicking on one of those links sent victims to another website, controlled by the cybercriminals, where “one of four targeted third-party payment processors collects credit card info and confirms a ‘purchase’, but the product never arrives.”

The researchers — a unit of cybersecurity company HUMAN — said they were able to largely disrupt the operation by notifying the affected payment processors and law enforcement. The scheme, labeled “Phish ‘n’ Ships,” dates back to at least 2019, and the threat actors used Simplified Chinese in their internal tools, the report said.

Authorities have been warning consumers about such scams for years. Earlier in 2024 a German company, Security Research Labs, reported on a similarly large operation, dubbed BogusBazaar. Phish ‘n’ Ships has some elements in common with that one, Satori’s analysts said. Security Research Labs said BogusBazaar appeared to have China as its main operating hub.

The Phish ‘n’ Ships scammers “infected more than 1,000 websites to create and promote fake product listings and built 121 fake web stores to trick consumers,” the Satori researchers said. The damage tallies up to “losses of tens of millions of dollars over the past five years, with hundreds of thousands of consumers victimized.”

The researchers say that despite the current disruptions, the operation is an active and ongoing threat, although the fraudsters appear to “have been forced to hunt for new methods.”

The affected consumers often are searching for niche items with limited supplies, the researchers said, citing oven mitts that look like Nintendo’s Power Glove video game accessory from the 1980s. One sham website listed them for about $60.


Joe Warminsky is the news editor for Recorded Future News. He has more than 25 years' experience as an editor and writer in the Washington, D.C., area. Most recently he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.

 
