Threat Intelligence Alert: Phish 'n' Ships Fakes Online Shops to Steal Money and Credit Card Information

Nov. 1, 2024, 12:26 a.m.

Description

A sophisticated fraud scheme dubbed 'Phish 'n' Ships' has been uncovered, involving fake web shops that exploit digital payment providers to steal consumers' money and credit card information. The operation, traced back to 2019, has infected over 1,000 websites, created 121 fake web stores, and resulted in estimated losses of tens of millions of dollars. The threat actors, using tools with Simplified Chinese language, drive traffic to these fake shops by infecting legitimate websites and manipulating search engine rankings. The scheme has been partially disrupted through collaborative efforts, but remains an active threat. This operation highlights the dangerous intersection between digital advertising and fraud, emphasizing the need for caution in online shopping.

External References

https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-phish-n-ships-fakes-online-shops-to-steal-money-and-credit-card-information
https://otx.alienvault.com/pulse/6723dea7b5edf25ba58bf36b
Tags
phishing
seo poisoning
2024-10-31
chinese threat actors
credit card theft
fake web stores
payment processor abuse
search engine manipulation
e-commerce fraud

Date

  • Created: Oct. 31, 2024, 7:46 p.m.
  • Published: Oct. 31, 2024, 7:46 p.m.
  • Modified: Nov. 1, 2024, 12:26 a.m.

Indicators

  • 210.16.120.35
  • 45.76.173.44
  • 104.128.239.68
  • 5.22.221.160
  • 173.214.161.82
  • 199.33.121.230
  • 199.33.127.244
  • 199.33.121.229
  • 209.74.107.132
  • 209.74.107.131
  • 209.74.110.211
  • 209.74.110.214
  • 209.74.110.213
  • 209.74.110.212
  • 209.74.110.181
  • 209.74.110.186
  • 209.74.110.188
  • 209.74.110.180
  • 209.74.110.187
  • 209.74.110.179
  • 209.74.110.189
  • 209.74.110.182
Download all indicators here!

Attack Patterns

Additional Informations

  • Retail
  • Finance