A new report out today from cybersecurity company Human Security Inc. is warning of a large-scale phishing scheme, dubbed “Phish ‘n’ Ships,” that leverages fake online shops and search engine manipulation to defraud consumers.

Uncovered by the company’s Satori Threat Intelligence and Research team, the Phish ‘n’ Ships scheme is described as a sophisticated effort to exploit consumers by using fake web shops and compromised search engine ranks. The threat actors behind the scheme infect legitimate websites to create and rank fake product listings for popular items, making them appear in top search results. When unsuspecting consumers click on these links, they are redirected to counterfeit stores controlled by the attackers.

Once on the fake site, consumers go through what appears to be a typical online checkout process. Payment information is collected through one of several targeted payment processors, allowing the attackers to capture funds and sensitive card data. Victims believed they were purchasing real items, but the products never arrived.

The report notes that the operation has affected more than 1,000 websites and created 121 fake online stores, costing victims millions of dollars. By abusing search engine optimization tactics, the attackers drew significant traffic to the counterfeit sites, with the scheme estimated to have hit hundreds of thousands of consumers over the past five years.

While not outright saying that those behind the scheme were from mainland China, the report does state that the internal tools used by the threat actors used Simplified Chinese, the form of Chinese used in mainland China, versus traditional Chinese that is used in Hong Kong, Taiwan and Macau.

Working with payment platforms, Human Security has managed to disrupt much of the operation, including having Google remove many of the fraudulent listings from its search results and the payment processors involved having suspended the accounts associated with the scheme. Law enforcement agencies and the broader threat intelligence community have also been informed to prevent further losses.

Though the links to the scheme may have mostly been removed and its operations stunted, Phish ‘n’ Ships remains a live threat, with attackers searching for new methods to evade detection. Human Security is warning consumers to remain vigilant when shopping online, especially for deals that seem too good to be true.

Image: SiliconANGLE/Ideogram