With “tens of millions of dollars” stolen from “hundreds of thousands” of web users, a serious warning has just been issued to the billions of users of the most popular web browsers. Google has removed well-known websites from search results, but that won’t eradicate links elsewhere, on social media and messaging platforms. It is essential that all users know what to look for. Bottom line: you should not use these websites.

Human Safety Satori The researchers warn that the threat actors “directed traffic to fake web stores by infecting legitimate websites with a malicious payload. This payload creates fake product listings and adds metadata that places these fake listings near the top of search engine rankings for the items, making them an attractive offer to an unsuspecting consumer. “When a consumer clicks on the article link, they are redirected to another website, this one controlled by the threat actor.”

ForbesNew Microsoft Windows Password Warning: Stop Doing This Now, US Government SaysBy Zak Doffman

On the dangerous website itself, users would be directed to a legitimate payment processing platform to purchase the chosen product. That product would never arrive, of course, but they would surely take the money. While many consumers may be protected from the ultimate financial cost through credit card chargebacks, that is never guaranteed until a claim is investigated.

In the most recently discovered campaign, bad actors “infected more than 1,000 websites to create and promote fake product listings and created 121 fake web stores to deceive consumers… estimating losses of tens of millions of dollars over the past few years.” five years, with hundreds of thousands of dollars.” of victimized consumers.”

So what can you look for to prevent your money from disappearing into a black hole?

1. Product deals that seem too good to be true usually are; If a bargain is offered below market rates, don’t proceed unless you can verify the site.
2. Check consistency between website names and names that appear in pop-ups, payment processing windows, and the URL. This specific campaign infected legitimate websites and then redirected them to other locations.
3. Does the ordering process feel completely legitimate? Do you have address details auto-complete, for example, do you check the quality of the data you enter?
4. If it’s a website you haven’t used before, check the reviews carefully; remember that they may be fake and look for known reviews of the site.
5. Can you find the product on a well-known website, even if it is more expensive?

This campaign, dubbed “phish and ship” by the research team, included a number of sophisticated touches: metadata to rise to the top of search results, although Google has removed those known to be fraudulent. By infecting legitimate websites, in this case users would initially be lulled into a false sense of security, but the redirection to a fake web store is when alarm bells should start ringing.

You can find a list of all known fake websites heresome of which remain active despite known threats according to this latest report.

ForbesWhy you should buy a new Microsoft Windows PC in 2025By Zak Doffman

“This operation highlights the relationship between the digital advertising ecosystem and fraud,” says Satori. “Without the fake organic and sponsored product listings from threat actors, there would have been no traffic to the fake web stores and therefore no fraud. “A key takeaway from Phish ‘n’ Ships is that digital advertising can be dangerous and consumers should be careful when clicking to the next step in a digital journey.”

Users of the main browsers are victims of these types of attacks. The research team warns that “Phish ‘n’ Ships remains an active threat,” although Google’s removal has “partially disrupted” its threat. “Threat actors are unlikely to stop working without trying to find a new way to perpetuate their fraud.”