China-based scam ring steals $50 million through fake webshops

May 18, 2024

TLDR:

China-based fraudsters operating tens of thousands of fake webshops called ‘BogusBazaar’ stole credit card details of hundreds of thousands of Western shoppers, earning tens of millions of dollars in fake orders. The scam ring runs a decentralized Fraud-as-a-Service operation, targeting individuals in the United States and Western Europe by selling shoes and apparel from well-known brands at low prices. SRLabs has shared findings and a tool to help buyers identify dubious online stores, urging caution in online shopping to avoid falling victim to scams.

Article Summary:

Fraudsters operating tens of thousands of fake webshops stole the credit card details of hundreds of thousands of shoppers while also earning tens of millions of dollars in fake orders. The fake online shops, called ‘BogusBazaar’, tricked over 850,000 people, allowing the criminals to steal credit card information and attempt to process an estimated $50 million in fake orders.

SRLabs discovered that the massive webshop fraud ring steals credit cards from individuals in the United States and Western Europe and rarely from China, their primary operating base. The fraudsters harvest credit card details from spoofed payment interfaces before redirecting victims to legitimate payment gateways and initiating transactions.

The fraudsters run a “Fraud-as-a-Service” operation consisting of a core team that manages infrastructure and affiliates who operate the webshops. The core team develops software and backend systems and customizes WordPress and eCommerce plugins, while also running a few fake webshops, likely for testing purposes.

The criminal ring also decentralizes infrastructure by running fake webshops, payment gateways, and management applications on separate servers. This strategy allows them to rotate checkout pages rapidly without changing storefronts when payment pages are taken down for fraud.

SRLabs has shared its findings with authorities and relevant entities, and has also made available a Fakeshop Finder tool for German buyers to identify dubious online stores involved in the massive fraud campaign. Buyers are urged to be cautious and check for authenticity before making purchases from online stores.
