UPDATED 09:00 EST / OCTOBER 31 2024

SECURITY

Phish ’n’ Ships: Human Security warns of fake shops exploiting payment platforms and SEO

A new report out today from cybersecurity company Human Security Inc. is warning of a large-scale phishing scheme, dubbed “Phish ‘n’ Ships,” that leverages fake online shops and search engine manipulation to defraud consumers.

Uncovered by the company’s Satori Threat Intelligence and Research team, the Phish ‘n’ Ships scheme is described as a sophisticated effort to exploit consumers by using fake web shops and compromised search engine rankings. The threat actors behind the scheme infect legitimate websites to create and rank fake product listings for popular items, making them appear in top search results. When unsuspecting consumers click on these links, they are redirected to counterfeit stores controlled by the attackers.

Once on the fake site, consumers go through what appears to be a typical online checkout process. Payment information is collected through one of several targeted payment processors, allowing the attackers to capture funds and sensitive card data. Victims believed they were purchasing real items, but the products never arrived.

The report notes that the operation has affected more than 1,000 websites and created 121 fake online stores, costing victims millions of dollars. By abusing search engine optimization tactics, the attackers drew significant traffic to the counterfeit sites, with the scheme estimated to have hit hundreds of thousands of consumers over the past five years.

Although the report does not outright say that those behind the scheme are from mainland China, it does state that the threat actors’ internal tools used Simplified Chinese, the form of Chinese used in mainland China, as opposed to the Traditional Chinese used in Hong Kong, Taiwan and Macau.

Working with payment platforms, Human Security has managed to disrupt much of the operation: Google has removed many of the fraudulent listings from its search results, and the payment processors involved have suspended the accounts associated with the scheme. Law enforcement agencies and the broader threat intelligence community have also been informed to prevent further losses.

Though the links to the scheme may have mostly been removed and its operations stunted, Phish ‘n’ Ships remains a live threat, with attackers searching for new methods to evade detection. Human Security is warning consumers to remain vigilant when shopping online, especially for deals that seem too good to be true.

Image: SiliconANGLE/Ideogram
