Date:
November 07, 2024
Satori researchers have issued an urgent warning to Chrome, Safari, Edge, And Firefox Users after over 10 million were stolen from online shoppers.
Human’s Satori Threat Intelligence and Research team has revealed an ongoing sophisticated scam dubbed Phish ‘n’ Ships, which estimates that tens of millions have been stolen from online shoppers in the last five years. The threat actors have infected over 1000 legitimate online shopping websites with genuine products listed with too-good-to-be-real offers and discounts.
Victims were redirected from the legitimate website to a fake one that was extremely difficult to identify. Considering the core source of redirection was a genuine website with global authority, the victims did not experience hesitation in completing their transactions on fake payment portals. The orders were placed successfully, and no product was ever arriving.
The UK government’s security agency estimates millions of victims have been without much support over the years as they manually enter their credentials and transaction passwords. The dangerous campaign has managed to inflate search signals to relatively new, malicious websites, which has helped the rankings of the fake websites grow rapidly. Over 121 fake web stories have been identified, tricking users with genuine products at unreal prices to redirect them to fake portals. Some of the 1000 fake websites are still active despite their identification as being shared with popular search engines.
Google has removed all the websites working on the threat campaign. But that’s not enough. Microsoft’s Bing has only a 4% market share of online searches and acts as a great alternative to Google in conducting fraudulent campaigns. In some cases, the fake websites were indexed on top search engines much before the original ones did. What worries the agency most is that these attacks are expected to expand to AI search results as it is much more prone to show falsely worded information.
“This operation underscores the relationship between the digital advertising ecosystem and fraud. Without the threat actors’ staged fake organic and sponsored product listings, there would have been no traffic to the fake web stores and, therefore, no fraud. A key takeaway from Phish ‘n’ Ships is that digital advertising can be dangerous, and consumers should exercise caution when clicking through to the next step in a digital journey.”
- Satori
NCSC has issued a warning to legitimate companies that digital ad campaigns can expose their customers to fraud if they don’t introduce countermeasures against malvertising. The warning also underlines the responsibility of facilitating the platform’s technology to support fraudulent digital advertisers without adequate verification methods.
Even the best internet browsers are unable to provide support, as the scam primarily revolves around consumer trust and manual redirection to fraudulent websites. As a measure, Satori has sent notifications to all federal agencies to populate the warning to billions of online shoppers and raise awareness as an immediate measure.
