A warning has recently been issued to billions of web users about a serious security threat. Google has removed known fake websites from search results, but the malicious activity continues elsewhere. Threat actors have infected hundreds of thousands of legitimate websites with a malicious payload, creating fake product listings that appear near the top of search engine rankings.
When consumers click on these links, they’re redirected to another website controlled by the threat actor, where they’re tricked into buying products that never arrive. The money is taken, and while credit card chargebacks can provide some protection, it’s not guaranteed until a claim is investigated.
The campaign, dubbed “phish and ships,” has been linked to tens of millions of dollars in losses over the past five years, with hundreds of thousands of consumers victimized. To avoid falling prey, look for signs such as:
– Product deals that seem too good to be true
– Inconsistent website names across different platforms
– Legitimate-looking ordering processes with autofill details
– Fake or unknown reviews
– Difficulty finding the product on a known website
The research team warns that this threat remains active and that digital advertising can be dangerous. Google’s takedown has partially disrupted the threat, but the actors are unlikely to stop their work and will probably look for a new way to perpetuate their fraud.
Source: https://www.forbes.com/sites/zakdoffman/2024/11/04