• Hundreds of online shops have been hacked to show fake product li

    From TechnologyDaily@1337:1/100 to All on Friday, November 01, 2024 17:45:05
    Hundreds of online shops have been hacked to show fake product listings in major phishing scam

    Date:
    Fri, 01 Nov 2024 17:33:00 +0000

    Description:
    Victims have already lost millions of dollars in a campaign that lasted for years.

    FULL STORY ======================================================================

    Hackers have been compromising online shops, redirecting people to copycat websites, and stealing both their data and their money there, experts have warned.

    The scam, dubbed Phish 'n' Ships by the Satori Threat Intelligence team from HUMAN, which uncovered it, stole tens of millions of dollars until it was finally discovered and stopped.

    Phish 'n' Ships most likely started in 2019. The crooks would break into legitimate online stores in different ways - leveraging n-day vulnerabilities, server misconfigurations, easy-to-guess passwords, or in other ways. Once they gained access, they would upload multiple scripts which would allow them to upload fake product listings.

    Disrupting the campaign

    The listings would come with SEO-friendly metadata, to make sure they are easy to find through search engines. The fake products, usually for hard-to-find items such as the Nintendo power glove oven mitt, would lead the victims away from the legitimate stores, and through a series of redirects, which end on a copycat website imitating the original, legitimate store.

    There, the victims go through a checkout process, giving away not just sensitive information, but also money, to the attackers.

    Satori says that thousands of legitimate websites were compromised this way, and hundreds of thousands of people victimized. The damages are being counted in tens of millions of dollars.

    To make matters worse, the crooks were withdrawing the money with no problem, for years. However, Satori's researchers managed to notify almost all of the victimized websites, and with the help of Google, removed all malicious listings from search engine results.

    Finally, the payment processors who were facilitating the cashouts were also notified, and the accounts were banned.

    While this means the campaign is disrupted, the researchers believe it's not completely destroyed. Since no arrests were made, they believe it is only a matter of time before the crooks start rebuilding the network all over again. As we approach the holiday season, it is essential consumers remain vigilant and only shop on reputable websites.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/hundreds-of-online-shops-have-been-hacked-to-show-fake-product-listings-in-major-phishing-scam


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)