The HUMAN Threat Intelligence and Research team, Satori, has discovered a sophisticated network of websites that advertise themselves as online shops of various commodities, such as clothes, gaming miniatures or books. While the sites seem to be integrated with a third party payment system and able to take payment, the product listings are fake and customers do not receive the goods they tried to purchase. The Satori team identified over 1,000 infected websites used by the threat actors to stage fake product links, which redirected to 121 fake web stores.
We’ve estimated that hundreds of thousands of consumers were victimized over the past five years due to this scheme. Especially in the lead-up to the holidays when more consumers will be online shopping for gifts, helping our clients protect their customers from threats like these is paramount.
The threat actors behind Phish ‘n’ Ships used well-known vulnerabilities to infect various websites and stage fake product listings that rose to the top of search results in Dutch, English, French, and German. The techniques used included coordination of search results, SEO poisoning, and cashing out with fake shops. Based on Satori’s estimations Phish ‘n’ Ships has stolen tens of millions of dollars from unsuspecting consumers hunting for hard-to-find items.
Our talk will provide an overview of this campaign, a technical deep dive on the TTPs and a discussion of how they have evolved since its inception in 2019.
