Chinese crooks behind one of the world’s ‘biggest online scams’ have tricked 800,000 people from Europe and the US into providing card details and personal details through stores selling fake designer goods
Research has revealed that Chinese scammers using fake websites to sell designer products at huge discounts have made off with the credit card details and personal details of up to 800,000 people in Europe and the US.
The scheme, which has been labeled by a UK trading standards body as one of the biggest ever scams of its kind, involves more than 75,000 websites carrying the logos of various high-end brands – from Nike to UNIQLO and from Paul Smith to Cartier – who claim to sell products. merchandise at low prices.
English versions of the sites are accompanied by duplicates in several European languages, including French, German, Spanish and Italian, designed to deceive unsuspecting shoppers from the continent to North America.
And while roughly two-thirds of them have now been disabled, researchers believe more than 22,500 are still active and continuing to deceive bargain-hunting online shoppers.
SR Labs, a German cybersecurity consultancy that exposed the scam, said a group of programmers appeared to have created a system to quickly generate and deploy new sites, dramatically expanding their reach.
The Chinese group, dubbed ‘BogusBazaar’ by SR Labs, is alleged to have defrauded millions of pounds, euros and dollars from their victims (stock image)
Chinese scammers have used fake websites claiming to sell designer products at huge discounts to steal people’s data
The Chinese group, dubbed ‘BogusBazaar’ by SR Labs, is said to have defrauded millions of pounds, euros and dollars from their victims since it launched the first sites in 2015.
It is believed that around 476,000 people have shared their debit and credit card details, including their three-digit security number.
But in many cases, the scammers were not after money. Customers were often told at checkout that their bank, or the website itself, had rejected the payment request.
While the money may have remained in their accounts, their personal information – including full name, address, credit card number and three-digit security code – was all in the hands of the scammers.
“Data is the new currency,” said Jake Moore, a global cybersecurity consultant at software company ESET, told The guard.
“The bigger picture is that you have to assume that the Chinese government may have access to the data,” he said.
SR Labs consultant Matthias Marx explained how a small team of programmers appeared to have developed a system that can partially automate the generation and publishing of new versions of scam sites, allowing the team to rapidly scale their operations.
A wider team is then brought in to oversee and manage these sites in a sort of ‘franchise’ model.
English versions of the sites are accompanied by duplicates in several European languages, including French, German, Spanish and Italian, designed to deceive unsuspecting customers
He explained that a core team develops the software and supports the operation of the network, while franchisees “manage the day-to-day operations of fraudulent stores.”
SR Labs chose to share the results of their research with the German newspaper Die Zeitwho then teamed up with The Guardian and French outlet Le Monde to dig deeper.
Their research found that there was a wide variety in the brands and companies that the Chinese developers used to build their scams.
While many of the brands were big haute couture hits, such as Christian Dior, the researchers also found sites that mimicked British high street favorites, such as shoemaker Clarks, as well as fraudulent pages targeting people with a taste for the work of individual designers.
The products they claimed to sell were not just limited to fashion.
Websites were found pretending to flog everything from children’s toys to household items and garden furniture to car parts.
The sites were unrelated to the brands they claim to sell and consumers who used them told the investigation they never received the items they thought they had purchased.
However, the sites still managed to trick shoppers into sharing their information.
Personal data collected during the scam could prove valuable for foreign intelligence services and surveillance purposes.
This week it emerged that as many as 272,000 British soldiers may have been affected by a data breach.
Defense Secretary Grant Shapps blamed the attack on a “malicious actor” but could not confirm reports that China was behind the intrusion.