{"id":25414,"date":"2024-11-01T09:10:09","date_gmt":"2024-11-01T17:10:09","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/11\/01\/news-19144\/"},"modified":"2024-11-01T09:10:09","modified_gmt":"2024-11-01T17:10:09","slug":"news-19144","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/11\/01\/news-19144\/","title":{"rendered":"1,000+ web shops infected by &#8220;Phish \u2018n Ships&#8221; criminals who create fake product listings for in-demand products"},"content":{"rendered":"\n<p>Researchers at the Satori Threat Intelligence and Research team have published their findings about a group of cybercriminals that infect legitimate web shops to create and promote fake product listings.<\/p>\n<p>The threat, dubbed &#8220;Phish \u2018n Ships&#8221; by the researchers, <a href=\"https:\/\/www.humansecurity.com\/learn\/blog\/satori-threat-intelligence-alert-phish-n-ships-fakes-online-shops-to-steal-money-and-credit-card-information\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">reportedly<\/a> infected more than 1,000 websites and built 121 fake web stores to trick consumers. Estimated losses are in the region of tens of millions of dollars over the past five years.<\/p>\n<p>The group infected legitimate web shops with a malicious payload that would redirect visitors to web shops under the group\u2019s control. Visitors to an affected web shop were served fake product listings, and hundreds of thousands of victims who clicked the link for such an item were redirected.<\/p>\n<p>The fraudsters also made sure that their fake product listings contained metadata that put them near the top of search engine rankings for those items. 
SEO poisoning is a technique employed by cybercriminals to manipulate search engine results, making harmful websites or advertisements appear at the top of search results.<\/p>\n<p>On the fake web shop, one of four targeted third-party payment processors collects credit card info and confirms a \u201cpurchase,\u201d but the product never arrives.<\/p>\n<p>The fraudsters used several established vulnerabilities to infect a wide variety of web shops.<\/p>\n<p>For users, the damage is not just paying for an article they\u2019ll never receive and the disappointment of not getting that sought-after article; they also risk handing their payment card information to cybercriminals.<\/p>\n<p>The campaign has been largely disrupted thanks to the efforts of the researchers, but they warn that part of it is still active.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-so-what-can-consumers-do-to-stay-safe\">So, what can consumers do to stay safe?<\/h2>\n<p>Keep an eye on the website displayed in the address bar. Did the advertisement you clicked on take you to the expected web shop? A checkout process that runs through a different web shop is another reason for alarm.<\/p>\n<p>Be especially cautious when you are looking for hard-to-get items, because this is what the group specializes in.<\/p>\n<p>If you are suspicious, it\u2019s a good idea to test the input validation of the shipping information. The fraudsters do not care whether you enter a real phone number or street address since they have no intention of shipping anything, so the validation process does not work. 
On a legitimate web shop this should work and warn visitors about invalid entries.<\/p>\n<p>Malwarebytes\u2019 web protection module and Browser Guard block the IP addresses in use by this group.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/11\/1000-web-shops-infected-by-phish-n-ships-criminals-who-create-fake-product-listings-for-in-demand-products\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Fraudsters running the Phish &#8216;n Ships campaign infected legitimate websites and used SEO poisoning to redirect shoppers to their fake web shops 
<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[11539,32,29164,10574,28480],"class_list":["post-25414","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-fake","tag-news","tag-payment-processor","tag-scams","tag-web-shops"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25414","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25414"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25414\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25414"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25414"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25414"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}