Threat Intelligence Alert: Phish 'n' Ships Fakes Online Shops to Steal Money and Credit Card Information
Nov. 1, 2024, 12:26 a.m.
Tags
External References
Description
A sophisticated fraud scheme dubbed 'Phish 'n' Ships' has been uncovered, involving fake web shops that exploit digital payment providers to steal consumers' money and credit card information. The operation, traced back to 2019, has infected over 1,000 websites, created 121 fake web stores, and resulted in estimated losses of tens of millions of dollars. The threat actors, using tools with Simplified Chinese language, drive traffic to these fake shops by infecting legitimate websites and manipulating search engine rankings. The scheme has been partially disrupted through collaborative efforts, but remains an active threat. This operation highlights the dangerous intersection between digital advertising and fraud, emphasizing the need for caution in online shopping.
Date
Published: Oct. 31, 2024, 7:46 p.m.
Created: Oct. 31, 2024, 7:46 p.m.
Modified: Nov. 1, 2024, 12:26 a.m.
Indicators
210.16.120.35
45.76.173.44
104.128.239.68
5.22.221.160
173.214.161.82
199.33.121.230
199.33.127.244
199.33.121.229
209.74.107.132
209.74.107.131
209.74.110.211
209.74.110.214
209.74.110.213
209.74.110.212
209.74.110.181
209.74.110.186
209.74.110.188
209.74.110.180
209.74.110.187
209.74.110.179
209.74.110.189
209.74.110.182
Attack Patterns
T1557
T1189
T1071.001
T1598
T1195
Additional Informations
Retail
Finance