2 weeks Ago
New warning for web shoppers With “tens of millions of dollars” stolen from “hundreds of thousands” of web users, a serious warning has just been issued for the billions of users of the most popular web browsers. Google has removed known websites from search results, but that will not eradicate links elsewhere, on social media and messaging platforms. It is critical all users know what to look for.
Put very simply—you must not use these websites. Human Security’s Satori researchers warn that threat actors “drove traffic to fake web shops by infecting legitimate websites with a malicious payload. This payload creates fake product listings and adds metadata that puts these fake listings near the top of search engine rankings for the items, making them an appealing offer for an unsuspecting consumer.
When a consumer clicks on the item link, they’re redirected to another website, this one controlled by the threat actor.” On the dangerous website itself, users would be directed to a legitimate payment processing platform to buy their chosen product. That product would never arrive, of course, but the money would certainly be taken.
While many consumers may be protected from the ultimate financial cost through credit card chargebacks, that’s never guaranteed until a claim is investigated. In the campaign most recently outed, bad actors “infected more than 1,000 websites to create and promote fake product listings and built 121 fake web stores to trick consumers..
. estimating losses of tens of millions of dollars over the past five years, with hundreds of thousands of consumers victimized.” A Powerful Russian Division Is Grinding Away At Ukrainian Paratroopers In Illinka—And Losing Staggering Numbers Of Vehicles NYT ‘Strands’ Hints, Spangram And Answers For Monday, November 4 The Good, Bad And Ugly From The Packers’ Loss To The Lions Attack chain—do not be fooled So, what can you look for to avoid seeing your money disappear into a black hole: This campaign, dubbed “phish and ships” by the research team, included a number of sophisticated touches—metadata to hit the top of search results, albeit Google has removed those known to be fraudulent.
By infecting legitimate websites, in this instance users would be lulled into a false sense of security initially, but the redirect to a fake web store is when alarm bells should start to ring. A list of all known fake websites can be found here , some of which remain active despite the known treats per this latest report. “This operation underscores the relationship between the digital advertising ecosystem and fraud,” Satori says.
“Without the threat actors’ staged fake organic and sponsored product listings, there would have been no traffic to the fake web stores and therefore, no fraud. A key takeaway from Phish ‘n’ Ships is that digital advertising can be dangerous, and consumers should exercise caution when clicking through to the next step in a digital journey.” Users of all major browsers fall victim to such attacks.
The research team warns that “Phish ’n’ Ships remains an active threat,” albeit Google’s takedown has “partially disrupted” its threat. “It’s unlikely the threat actors will pull the plug on their work without trying to find a new way to perpetuate their fraud.”.
