A large-scale shopping scam has defrauded hundreds of thousands of consumers by hacking legitimate shopping websites, redirecting unsuspecting shoppers to fake stores, and collecting payment information without delivering products, according to cybersecurity researchers.
The scheme, which has reportedly netted tens of millions of dollars, involved malicious code embedded in legitimate websites to create fake product listings. This code also boosted these listings in search engine rankings, making them appear at the top of search results for specific, hard-to-find items. Once clicked, the fake links redirected victims to fraudulent websites controlled by cybercriminals. Here, one of four targeted third-party payment processors would “confirm” the purchase, but no product was ever shipped.
Satori Threat Intelligence, a unit of cybersecurity firm HUMAN, identified and disrupted this operation, dubbed “Phish ‘n’ Ships,” by notifying affected payment processors and law enforcement. Active since at least 2019, the scam used Simplified Chinese in its internal tools, suggesting a possible link to China. The scam targeted over 1,000 hacked websites and set up 121 fake online stores, collectively defrauding consumers out of millions of dollars.
Global Impact and the Ongoing Threat
This scam is part of a broader trend in online retail fraud. Earlier in 2024, German cybersecurity firm Security Research Labs reported a similar scheme, “BogusBazaar,” which appeared to originate in China and used similar methods to defraud online shoppers. Phish ‘n’ Ships shares certain characteristics with BogusBazaar, indicating a growing sophistication in online shopping scams that leverage hacked websites, SEO manipulation, and third-party payment processors.
The scam typically lures consumers seeking niche items with limited availability. For instance, one of the fake listings featured oven mitts designed to look like the Nintendo Power Glove, priced at $60. Despite Satori’s efforts to disrupt Phish ‘n’ Ships, the operation remains active, with scammers likely seeking new techniques to avoid detection.
Protecting Consumers from Phish ‘n’ Ships and Similar Scams
As online shopping scams continue to evolve, consumers should exercise caution, especially with hard-to-find items from unfamiliar sites. Experts advise verifying website authenticity, checking for reviews, and avoiding suspiciously low prices on rare items.
With this recent disruption by Satori Threat Intelligence and increased vigilance from consumers and cybersecurity firms, there’s hope for further curbing these operations. However, the ongoing presence of these scams underscores the need for heightened awareness in the online shopping landscape.
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
