Phish n’ Ships phishing attack continues to attack unaware users

November 12, 2024

Phish n’ Ships, a phishing operation that has been active since 2019, has infected thousands of online retailers by promoting fake listings for rare products.

According to reports, the operation redirects unaware users who click on these listings to hundreds of bogus web stores that take their personal information and money without shipping anything.

The operation has already affected hundreds of thousands of consumers and resulted in projected losses of tens of millions of dollars.

 

The Phish n’ Ships phishing campaign leverages n-days to execute its infection process.

 

The Phish n’ Ships operation starts by infecting legitimate websites with malicious scripts, using known vulnerabilities (n-days), misconfigurations, or compromised admin credentials.

Once they have infiltrated a site, the threat actors upload scripts with obscure names like “zenb.php” and “khyo.php.” They then post false product listings on these sites.
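For store operators, one way to catch uploaded scripts of this kind is to compare the web root against a known-good manifest of PHP files. The following is an added example, not code from the article or the researchers; the manifest approach, the function names, and the sample file `qwxr.php` are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Script names reported in the article; names alone are not a reliable signal,
# so the manifest comparison below does the real work.
REPORTED_NAMES = {"zenb.php", "khyo.php"}

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_manifest(root):
    """Map relative path -> SHA-256 for every PHP file in a known-good tree."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256(p) for p in root.rglob("*.php")}

def audit(root, manifest):
    """Return (relative_path, reason) for PHP files that deviate from the manifest."""
    root = Path(root)
    findings = []
    for p in sorted(root.rglob("*.php")):
        rel = p.relative_to(root).as_posix()
        if p.name.lower() in REPORTED_NAMES:
            findings.append((rel, "name reported for this campaign"))
        elif rel not in manifest:
            findings.append((rel, "not in known-good manifest"))
        elif manifest[rel] != sha256(p):
            findings.append((rel, "modified since manifest was built"))
    return findings

def demo():
    """Constructed sample tree: a clean store, then three simulated changes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "catalog").mkdir()
        (root / "index.php").write_text("<?php // storefront ?>")
        (root / "catalog" / "product.php").write_text("<?php // product page ?>")
        manifest = build_manifest(root)  # taken while the site is known to be clean
        # Simulated later state (placeholder contents, not real samples)
        (root / "zenb.php").write_text("<?php // placeholder ?>")
        (root / "catalog" / "qwxr.php").write_text("<?php // placeholder ?>")
        (root / "index.php").write_text("<?php // storefront, altered ?>")
        return audit(root, manifest)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

The manifest should be built from a trusted deployment artifact and stored off the web server, so that someone with write access to the site cannot update it.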

These listings also include SEO-optimised metadata to boost their ranking in Google search results, where victims can easily find these malicious sites. Once the victims click on these links, the campaign will send them through a series of steps, eventually leading to fake websites. The websites frequently impersonate the interface of the compromised e-store or have a similar appearance.

If the victims try to purchase the items on the fake business, the attack will send them to a bogus checkout page. This page then steals the information the victims enter into the order fields. Some fields will request credit card information, and the payment will be processed through an attacker-controlled semi-legitimate payment processor account.

However, the purchased item is fake; hence, customers wait for items that are never shipped, resulting in the victims losing both money and data. Furthermore, the researchers revealed that Phish n’ Ships has been in operation for almost half a decade now and has utilised various payment sources for its scams.

Consumers should be wary of unexpected redirects while browsing e-commerce platforms. They should also double-check the shop URL when attempting to purchase an item to verify its legitimacy and avoid falling victim to scams that could result in financial loss.
