Newsroom

HUMAN Uncovers Phish ‘n’ Ships Scheme That Stole Tens of Millions from Unsuspecting Shoppers

By HUMAN

The operation employed a global network of over 200 fake online shops to deceive hundreds of thousands of consumers, stealing their payment card information while failing to deliver the products they paid for

NEW YORK -  (October 31, 2024) - HUMAN Security, Inc., the global cybersecurity leader in disrupting bot attacks and preventing digital fraud and abuse, announced today that its Satori Threat Intelligence and Research team has uncovered a complex fraud operation called Phish ‘n’ Ships that stole tens of millions of dollars from unsuspecting consumers hunting for hard-to-find items. 

Named for the operation’s ability to phish consumers of their payment card information while not shipping them the items they believe they paid for, the scheme centered on fake web shops that abuse digital payment providers to steal consumers’ money and payment card information. The Satori team identified over 1,000 infected websites used by the threat actors to stage fake product links, which redirected to 200+ fake webshops with 121 still active during the investigation. Through consultations with the affected payment processors, Phish ’n’ Ships has been disrupted: the fake product listings that made up a key source of traffic to the fake web stores have been removed by Google from the search results, and the threat actors’ accounts have been removed from the payment processor platforms. Dozens of storefronts were taken down in collaboration with HUMAN partners. However, the operation is still active, and Satori researchers continue to monitor the threat actors for new evolutions of the scheme. 

“Phish ‘n’ Ships is especially devious because it stole tens of millions of dollars from unsuspecting consumers hunting for hard-to-find items,” said Gavin Reid, Chief Information Security Officer at HUMAN. “We’ve estimated that hundreds of thousands of consumers were victimized over the past five years due to this scheme. Especially during the holiday season when more consumers will be online shopping for gifts, helping our clients protect their customers from threats like these is paramount.” 

The scheme reinforces the role digital advertising plays in fraud, since ads and sponsored search listings lead unsuspecting consumers to fake web stores. The threat actors behind Phish ‘n’ Ships used well-known vulnerabilities to infect over 1,000 websites and stage fake product listings that reached the top of search results in Dutch, English, French, and German. The techniques used included coordination of search results, SEO poisoning and cashing out with fake shops. 

“Phish ‘n’ Ships underscores the value across the entire customer journey of a unified approach to digital fraud and abuse,” said Lindsay Kaye, Vice President of Threat Intelligence at HUMAN. “Components of the scheme targeted consumers at every stage in their buying journey, from seeing and clicking on an ad to arriving on and interacting with a web store to checking out through a payment provider integration. Understanding and stopping Phish ‘n’ Ships requires a full-spectrum plan of attack.

HUMAN customers were not directly affected by this threat. Our Satori Threat Intelligence and Research team proactively hunts for—and disrupts—new and emerging threats like Phish ‘n’ Ships, protecting HUMAN customers from the impacts of digital fraud. HUMAN customers enjoy priority access to information about investigations like Phish ‘n’ Ships and benefit from the enhanced AI-derived capabilities of our Decision Engine. 

About HUMAN

HUMAN is a leading cybersecurity company committed to protecting the integrity of the digital world. We ensure that every digital interaction, transaction, and connection is authentic, secure, and human. The Human Defense Platform safeguards the entire customer journey with high-fidelity decision-making that defends against bots, fraud, and digital threats. Each week, HUMAN verifies 20 trillion digital interactions, providing unparalleled telemetry data to enable rapid, effective responses to even the most sophisticated threats. Recognized by our customers as a G2 Leader, HUMAN continues to set the standard in cybersecurity. To ensure your digital connections are trusted, visit www.humansecurity.com