BogusBazaar: gang in China behind tens of thousands of fake stores

A criminal organization from China is responsible for at least 76,000 fake stores on the internet, which have been used to steal credit card data from more than 850,000 people. This has been determined by various media on the basis of several gigabytes of data that the German cybersecurity company "SR Labs" first handed over to "Die Zeit". SR Labs calls the organization "BogusBazaar" and explains that the criminals' software is used to semi-automatically create online stores under expired domains. Branded goods are then offered there at extremely low prices. The victims, most of whom live in Western Europe and the USA, are then first robbed of their credit card details and later sold counterfeits in some cases.

Online fraud as a business model

The reports indicate that the extensive fraud operates via a kind of franchise system. The core team develops the software used in the fake stores, while they are operated by others. As per SR Labs, approximately 23,000 of the 76,000 fake stores remained accessible in April. Data shows that these sites have received orders totaling 50 million US dollars since 2021, excluding the misuse of stolen credit card data. A significant number of victims are reported in France and the USA, followed by Germany, Italy, the UK, and Spain. Germany alone accounts for more than 100,000 attempted orders.

Expired domains are used for the scam, preferably those with a high reputation with Google, writes SR Labs. Online stores based on WordPress are then set up there in suitable languages, offering supposedly discounted branded items from Dior, Nike, Lacoste, Hugo Boss, Versace, Prada and similar manufacturers. Anyone who falls for it and enters their credit card details has sent them directly to the criminals, in return for which they simply receive an error message. In some cases, however, the victims are then redirected and can supposedly order goods. However, these are never delivered; at best, they receive completely unrelated items – cheap sunglasses instead of a blazer, for example.

According to the Zeit report, SR Labs has discovered a database with 476,000 credit card numbers including the names and addresses of the owners - including the three-digit security number. There are also allegedly extensive documents in which screenshots are used to explain how the fake stores are set up. There are also further manuals and training documents. According to the reports, the gang is posing as a legitimate "foreign trade company" in China and is looking for programmers and data entry clerks. Employees earn between 350 and 700 euros a month, but managers receive bonuses of several hundred thousand euros.

Be careful when shopping online

As the gang in China is outside the reach of Western law enforcement authorities, it is unclear whether the People's Republic will now take action against their activities following the international media reports. Internet users should therefore exercise caution. It is often said that if an offer seems too good to be true, it probably is not. The reliability of online stores can be checked using the fake store finder from the consumer advice center, for example. Die Zeit also spoke to a woman who owned one of the domains that is now being used for fraud. She could do nothing about it. According to SR Labs, it has also passed the data on to the authorities, after which some of the fake stores went offline.

(mho)