
New warning for Chrome, Safari, Edge and Firefox: do not use these websites

New warning for Chrome, Safari, Edge and Firefox: do not use these websites

Updated on November 6 with news of a dangerous new search engine attack.

Now that “tens of millions of dollars” have been stolen from “hundreds of thousands” of internet users, a serious warning has been issued to the billions of people who use the most popular web browsers. Google has removed the listings it identified as fraudulent from its search results, but that does not remove links already shared on social media and messaging platforms. It is crucial that all users know what to look for. Very simply put: do not use these websites.

Researchers at HUMAN Security’s Satori threat intelligence team warn that threat actors have “directed traffic to fake online stores by infecting legitimate websites with a malicious payload. This payload creates fake product listings and adds metadata that places these fake listings at the top of search engine rankings for the items, making them an attractive offer to an unsuspecting consumer. When a consumer clicks on the article link, he or she is redirected to another website, operated by the threat actor.”


The fake store itself sends users to a legitimate payment processing platform to pay for their chosen product. The product never arrives, but the money is certainly taken. Many consumers will ultimately be protected from the financial loss by credit card chargebacks, but that is never guaranteed until a claim has been investigated.

In the latest campaign, malicious actors “infected more than 1,000 websites to create and promote fake product listings and built 121 fake online stores to deceive consumers… with losses estimated at tens of millions of dollars over the past five years, affecting hundreds of thousands of consumers who are the victims.”

So what should you look for to keep your money from disappearing into a black hole:

  1. Product deals that seem too good to be true usually are. If a bargain is offered well below market price, do not proceed unless you can verify the site
  2. Check that the website name is consistent across the page, any pop-ups, the payment processing window, and the URL in the address bar. This campaign infected legitimate websites and then redirected buyers elsewhere, so the site you landed on and the site you pay on may not be the same
  3. Does the ordering process feel completely legitimate? For example, does it offer address autocomplete, and does it validate the data you enter?
  4. If this is a website you have not used before, check the reviews carefully. Be aware that reviews can be faked, and look for coverage of the site on well-known review sites
  5. Can you find the product on a well-known retailer’s website, even if it is more expensive there?

This campaign, which the research team named “Phish ‘n’ Ships,” included some sophisticated details: injected metadata pushed the fake listings to the top of search results, although Google has since removed the data it identified as fraudulent. Landing on an infected legitimate website initially lulls users into a false sense of security; the redirection to a fake online store is the point at which alarm bells should start ringing.
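The injection Satori describes, fake product listings plus metadata that sends buyers off-site, leaves a footprint that a site owner or incident responder can check for. The following Python script is an added example, not code from the article or from HUMAN’s Satori team: it parses a page’s JSON-LD structured data and flags any Product listing whose offer URL points to a different registrable domain than the page itself. The page URL and HTML are constructed for the example, and the domain comparison is a deliberately crude last-two-labels match.

```python
"""Flag injected product listings that send buyers off-site.

Added example; not code from the article or from HUMAN's Satori team.
It looks for the footprint Satori describes: a legitimate site carrying
Product structured data (JSON-LD) whose offer URL points to a domain other
than the site's own. The page URL and HTML below are constructed samples.
"""
import json
from html.parser import HTMLParser
from urllib.parse import urlparse


def registrable_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels). Fine for the .com/.net hosts in
    this sample; use a public-suffix list for multi-label TLDs."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class JsonLdCollector(HTMLParser):
    """Collect the body of every <script type="application/ld+json">."""

    def __init__(self):
        super().__init__()
        self.blocks = []
        self._buf = None  # list of text chunks while inside a JSON-LD script

    def handle_starttag(self, tag, attrs):
        mime = (dict(attrs).get("type") or "").strip().lower()
        if tag == "script" and mime == "application/ld+json":
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.blocks.append("".join(self._buf))
            self._buf = None


def walk(node):
    """Yield every dict inside a JSON-LD value, including @graph entries."""
    if isinstance(node, dict):
        yield node
        for value in node.values():
            yield from walk(value)
    elif isinstance(node, list):
        for item in node:
            yield from walk(item)


def offsite_products(page_url: str, html: str):
    """Return (product name, offer URL) pairs for listings that leave the site."""
    site = registrable_domain(urlparse(page_url).hostname or "")
    collector = JsonLdCollector()
    collector.feed(html)
    findings = []
    for raw in collector.blocks:
        try:
            doc = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed block: nothing to inspect
        for node in walk(doc):
            if node.get("@type") != "Product":
                continue
            offers = node.get("offers") or {}
            if isinstance(offers, list):  # schema.org allows a list of Offers
                offers = offers[0] if offers else {}
            if not isinstance(offers, dict):
                offers = {}
            target = offers.get("url") or node.get("url")
            if not target:
                continue
            if registrable_domain(urlparse(target).hostname or "") != site:
                findings.append((node.get("name", "?"), target))
    return findings


# Constructed sample: a bakery's blog page now carries an injected listing
# for a cut-price power tool whose checkout lives on an unrelated domain.
SAMPLE_PAGE_URL = "https://www.example-bakery.com/blog/fall-recipes"
SAMPLE_HTML = """<html><head>
<script type="application/ld+json">
{"@context": "https://schema.org", "@type": "Organization",
 "name": "Example Bakery", "url": "https://www.example-bakery.com/"}
</script>
<script type="application/ld+json">
{"@context": "https://schema.org", "@graph": [
 {"@type": "Product", "name": "Cordless Drill Kit",
  "offers": {"@type": "Offer", "price": "39.99", "priceCurrency": "USD",
             "url": "https://deals-outlet.example.net/drill?ref=seo"}},
 {"@type": "Product", "name": "Sourdough Starter",
  "offers": {"@type": "Offer", "price": "12.00", "priceCurrency": "USD",
             "url": "https://shop.example-bakery.com/starter"}}
]}
</script></head><body><h1>Fall recipes</h1></body></html>"""

if __name__ == "__main__":
    for name, url in offsite_products(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"OFF-SITE LISTING: {name!r} -> {url}")
```

Run against the sample, the bakery’s own sourdough listing passes and the drill listing is reported, because its checkout URL resolves to a different registrable domain. On a real site the same check would be run over every page the search engine has indexed, since the injected listings typically sit on pages the owner never looks at.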

A list of all known fake websites is published in the Satori report; according to that report, some of them remain active.


“This operation underlines the relationship between the digital advertising ecosystem and fraud,” Satori said. “Without the fake organic and sponsored product listings staged by the threat actors, there would have been no traffic to the fake online stores and therefore no fraud. A key takeaway from Phish ‘n’ Ships is that digital advertising can be dangerous, and consumers should be careful when clicking through to the next step in a digital journey.”

Users of all major browsers can fall victim to such attacks. The research team warns that “Phish ‘n’ Ships remains an active threat,” even though Google’s removal of the poisoned listings has “partially disrupted” it. “It is unlikely that the threat actors will pull the plug on their work without trying to find a new way to perpetuate their fraud.”

When it comes to unreliable search results causing dangerous phishing attacks, another nasty new twist has emerged. Malwarebytes warns that “a new wave of banking phishing is targeting consumers via Microsoft’s search engine. A Bing search for ‘Keybank login’ currently returns malicious links on the first page, and sometimes as the top search result.”

Microsoft’s search market share pales in comparison to Google’s, but just as it keeps pushing Chrome users toward Edge, it is now digging deep into its pockets to push Bing, with a new $1 million giveaway.

“While Microsoft’s Bing only has about 4% of the search engine market share,” says Malwarebytes, “scammers are drawn to it as an alternative to Google. A particularly interesting detail is how a phishing website created less than two weeks ago is already being indexed and served before the official website.”

This new campaign manipulates the signals Bing uses to rank sites, so that newly created malicious pages appear high in the results for common keywords and users click on them. “The first result is a malicious link that pretends to be Keybank’s login page… Attackers are abusing Bing’s search algorithms.”

Users who click those links are taken to malicious websites built for the campaign, which copy the bank’s official branding to further mislead them. The aim is simply to harvest identities, usernames and passwords; the attackers have also found ways to collect MFA codes so that they can complete the login themselves.
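A defender monitoring search results for a brand’s login keyword can apply the same reasoning Malwarebytes describes. The Python below is an added example, not code from Malwarebytes or from the article: it takes a list of ranked results and flags any that sit outside the brand’s official domains while carrying the brand name or a look-alike label in the hostname, or a login-style path together with the brand name. The brand “ExampleBank”, its official domain and the result list are placeholders constructed for this example, not real search results.

```python
"""Triage search results for a brand's login keyword.

Added example; not code from Malwarebytes or the article. It turns the
pattern Malwarebytes describes (a non-official site ranking for a bank
login query) into a rule set. The brand, its official domain and the
result list are placeholders constructed for this example.
"""
import re
from urllib.parse import urlparse

LOGIN_PATH = re.compile(r"(login|signin|sign-in|logon|account)", re.I)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot typo-squatted hostname labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def under_domain(host: str, domains) -> bool:
    """True if host is one of the official domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)


def triage_results(results, brand: str, official_domains):
    """results: iterable of (rank, url, title). Returns [(rank, url, reasons)]
    for results that look like brand impersonation, in rank order."""
    brand = brand.lower()
    flagged = []
    for rank, url, title in sorted(results):
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        if under_domain(host, official_domains):
            continue  # the brand's own site is never flagged
        host_hit = brand in host
        lookalike = any(len(label) >= 5 and label != brand
                        and edit_distance(label, brand) <= 2
                        for label in host.split("."))
        login_path = bool(LOGIN_PATH.search(parts.path))
        brand_ctx = brand in parts.path.lower() or brand in title.lower()
        reasons = []
        if host_hit:
            reasons.append("brand name in hostname")
        if lookalike:
            reasons.append("hostname label resembles brand")
        if login_path:
            reasons.append("login-style path")
        if brand_ctx:
            reasons.append("brand name in path/title")
        if parts.scheme != "https":
            reasons.append("plain http")
        # A news story or wiki page that merely mentions the brand is not
        # an impersonation: require a hostname signal, or login path + brand.
        if host_hit or lookalike or (login_path and brand_ctx):
            flagged.append((rank, url, reasons))
    return flagged


# Placeholders constructed for the example (not a real search page).
BRAND = "examplebank"
OFFICIAL_DOMAINS = ["examplebank.com"]
SAMPLE_RESULTS = [
    (1, "https://examplebank-login-secure.com/online/login",
     "ExampleBank Online Banking Login"),
    (2, "https://www.examplebank.com/login", "Sign On | ExampleBank"),
    (3, "http://exampelbank.net/signin", "Sign in to your account"),
    (4, "https://en.wikipedia.org/wiki/ExampleBank", "ExampleBank - Wikipedia"),
]

if __name__ == "__main__":
    for rank, url, reasons in triage_results(SAMPLE_RESULTS, BRAND, OFFICIAL_DOMAINS):
        print(f"#{rank} {url}: {', '.join(reasons)}")
```

On the sample, results 1 and 3 are flagged (the first for the brand name in its hostname, the third for a typo-squatted label, a sign-in path and plain HTTP), the official site is skipped, and the encyclopedia page is left alone because it has no hostname signal and no login path. In practice a brand-protection team would pair this with a domain-age lookup, since the page Malwarebytes saw was registered less than two weeks before it ranked.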

Much like Phish ‘n’ Ships, this social engineering through manipulated search results, combined with behind-the-scenes redirection of traffic from legitimate sites to malicious ones, is clearly effective, allowing attackers to make millions.


The concern for users is the expected rise in AI-based search, which threatens not only the established search engines but also users who lack the long-built defenses and ‘spidey senses’ to see attacks coming.

Ironically, we have also just seen a phishing attack claiming to come from OpenAI itself, which emphasizes that brave new world point.

Buyers beware…