A sophisticated eCommerce fraud ring has been siphoning millions of dollars from unsuspecting consumers for over five years. The operation, dubbed “Phish 'n' Ships,” allegedly infected over 1,000 legitimate websites, creating fake product listings that lured victims with unrealistically low prices.
According to the Satori threat research team at Human Security, the fraud ring exploited known website vulnerabilities to insert fake product listings, which appeared authentic in design and placement. Through a tactic known as SEO poisoning, the fake listings were pushed to the top of search engine result pages, ensuring that they attracted high volumes of traffic from unsuspecting buyers.
When users clicked on the fake listings, they were automatically redirected to one of 121 fake web stores the fraudsters had set up, each designed to look like a legitimate eCommerce site.
Upon making a purchase a customer was presented with a legitimate-looking payment processor page, where the transaction was processed through real third-party payment systems.
Satori believes that the Phish 'n' Ships ring likely originated from a team of threat actors with roots in China, as evidenced by the use of Simplified Chinese in the group’s internal tools. The researchers estimate that hundreds of thousands of victims have been impacted, with losses totaling in the tens of millions of dollars.