
Thousands of E-Stores Hacked to Show Fake Product Listings

In a major discovery, cybersecurity firm HUMAN Security has uncovered a sophisticated phishing campaign dubbed “Phish n’ Ships”. This elaborate scheme targeted over 1,000 legitimate e-commerce websites, leading to estimated losses of tens of millions of dollars. Active since at least 2019, it has impacted hundreds of thousands of online shoppers, especially those seeking niche or hard-to-find products.

The scam, revealed by HUMAN’s Satori Threat Intelligence and Research team, exploits known vulnerabilities, misconfigurations, or compromised admin credentials to insert malicious scripts into legitimate sites. These scripts create deceptive product listings that rank prominently in search engine results, a tactic known as SEO poisoning.

Clicking on these links redirects unsuspecting consumers to counterfeit stores under the attackers' control. “Phish n’ Ships is especially devious because it stole tens of millions of dollars from unsuspecting consumers hunting for hard-to-find items,” noted Gavin Reid, Chief Information Security Officer at HUMAN.

The malicious web stores replicate legitimate shopping experiences, complete with a checkout process that collects payment card details. However, no products are ever shipped despite payment, and consumers’ sensitive financial data is captured. According to the report by BleepingComputer, the campaign used multiple payment processors to rake in profits.

Adding to the complexity, the cybercriminals used Simplified Chinese in their internal tools, indicating possible links to actors operating from mainland China.

HUMAN and its partners have since collaborated with payment processors and law enforcement, notifying them so that the scheme could be disrupted. This joint effort led to the removal of fraudulent listings from search engines and the suspension of malicious payment accounts, yet the Phish n’ Ships operation remains a persistent threat.

“Phish ‘n’ Ships underscores the value across the entire customer journey of a unified approach to digital fraud and abuse,” said Lindsay Kaye, Vice President of Threat Intelligence at HUMAN. Though authorities have made headway, the attackers will likely continue searching for new vulnerabilities.

Cybersecurity experts urge consumers to stay vigilant when shopping online, especially during the holiday season. Shoppers should verify URLs, scrutinize unfamiliar redirects, and report suspicious transactions promptly.


