Hundreds of thousands of customers cheated on hacked websites

marry 01.11.2024, 12:30 PM

Hundreds of thousands of people have been duped by fraudsters who hacked into legitimate shopping websites and redirected customers to fake online stores that sell hard-to-find goods the thieves never deliver, according to cybersecurity researchers from Satori Threat Intelligence.

The fraudsters used code that creates fake product listings and adds metadata that puts these fake listings at the top of product search results on search engines.

Victims who clicked on one of those links were sent to another website, controlled by the cybercriminals, where their credit card information was collected and the “purchase” was confirmed, but the purchased product never reached the victim’s address.

The researchers said they were able to largely disrupt the operation by notifying the affected payment processors and law enforcement. The scheme, called “Phish ‘n’ Ships,” dates back to at least 2019.

Internet users have been warned about such scams for years. Earlier this year, the German company Security Research Labs GmbH reported on a similar large-scale operation, called Bogus Bazaar. Phish ‘n’ Ships has some elements in common with that scam and in both cases China is the main hub of operations.

Phish ‘n’ Ships scammers infected more than 1,000 websites to create and promote fake product listings and created 121 fake web stores to trick consumers, researchers said. The damage is estimated at “tens of millions of dollars over the past five years, with hundreds of thousands of victims.”

The researchers say that despite the current disruption, the operation remains an active and ongoing threat, although it appears that the fraudsters “have been forced to look for new methods.”

The duped customers were often looking for particular items in limited supply, the researchers said, citing oven mitts that look like the Nintendo Power Glove video game accessory from the 1980s. One fake website was offering them for around $60.

Source: www.informacija.rs