Hackers have compromised online stores, redirected people to copycat websites and stolen both their data and money, experts warn.
The scam, dubbed “Phish ‘n’ Ships” by HUMAN’s Satori Threat Intelligence team, which exposed it, stole tens of millions of dollars until it was finally discovered and stopped.
Phish ‘n’ Ships likely started in 2019. The crooks would break into legitimate online stores in a variety of ways – using n-day vulnerabilities, server misconfigurations, easy-to-guess passwords, or other means. Once they gained access, they uploaded multiple scripts that allowed them to add fake product listings.
Disrupting the campaign
The listings would come with SEO-friendly metadata to ensure they were easy to find via search engines. The counterfeit product listings, usually for hard-to-find items like the Nintendo Power Glove Oven Mitt, would direct victims away from legitimate stores and through a series of redirects, ending on a copycat website that imitates the original, legitimate store.
There, victims go through a checkout process during which they hand over both sensitive information and money to the attackers.
Satori says “thousands” of legitimate websites have been compromised in this way and “hundreds of thousands” of people have been victimized. The damage is counted in tens of millions of dollars.
To make matters worse, the crooks withdrew the money for years without any problems. However, Satori researchers managed to notify almost all affected websites and, with Google’s help, remove all malicious entries from search engine results.
Finally, the payment processors that facilitated the payouts were also notified and the accounts were banned.
While this means the campaign is being disrupted, researchers believe it has not been completely destroyed. Since no arrests have been made, they believe it is only a matter of time before the crooks start rebuilding the network. As we approach the holiday season, it is essential that consumers remain vigilant and only shop on reputable websites.
Via BleepingComputer