Nearly a million victims affected by massive BogusBazaar campaign – credit card details stolen, but here’s how to stay safe
Nearly a million people around the world have fallen victim to a well-organized fraud campaign that has defrauded them of around $50 million in recent years.
According to a report from SRLabs, a group of cybercriminals, supported by a broader network of affiliates, was organized into a crime ring called BogusBazaar. This ring automated the creation and rotation of thousands of fake shopping websites – 22,500 domains to be exact.
Through these shopping sites, the criminals did two things: steal credit card and other payment information, and steal money.
Well organized group
Stealing credit card information is as easy as one would imagine from fake shopping sites: someone tries to buy something from the site, provides their payment information, and never receives the item they ordered. PayPal and Stripe data were stolen from the victims in the same way.
Stealing money worked in a slightly different way. Some victims actually received an item, albeit not the one they ordered, but rather a cheap or counterfeit one.
“Operating fraudulent online stores is a seemingly small, but well-organized crime,” says Matthias Marx, security advisor at SRLabs. The register. “As each fraud case has a relatively low volume, the fraudsters appear to have managed to evade the attention of law enforcement authorities despite making millions.”
The majority of the victims were in Western Europe, Australia and America.
The worst part is that the campaign is still ongoing and is decentralized and automated in a way that makes it difficult for law enforcement agencies to eradicate it completely. As soon as one website is taken down, another takes its place. The attackers often use expired domains with good reputations, which makes detecting fraud even more difficult at first.
The majority of fraudsters appear to operate from China.
The internet is full of scammers and fraudsters looking to steal people’s money and sensitive information. The best way to stay safe is to always ensure that you buy from trusted sources and official websites. If you know the store’s website, type its address into the bar instead of searching for it on Google or other search engines.
If you are redirected to a website, check the address and make sure it does not contain any strange typos or strange-looking characters.
And finally: always use your common sense. If something is too good to be true, then it most likely is.