Security researchers have raised a red flag for online shoppers as they have uncovered a sophisticated network of fake e-commerce stores aimed at stealing credit card details and money from unsuspecting victims.
The BogusBazaar network, primarily operated from China, has been flagged by Security Research (SR) Labs for processing over one million orders since 2021. It is estimated that more than 850,000 shoppers have fallen prey to this scam, with the majority hailing from Western Europe and the US. These victims are believed to have collectively placed orders totaling over $50 million for items that do not actually exist. However, not every transaction results in successful payment, meaning that the financial impact may be slightly lower than the total amount mentioned.
Despite failed payments, the perpetrators behind this network are still able to harvest valuable personal information and credit card details through fake payment pages, as reported by SRLabs. In some instances, victims may receive counterfeit items, but more often than not, they are left with nothing to show for their purchases.
Shoppers are lured into these fake online shops with promises of luxury and branded goods at prices that seem too good to be true. The scammers strategically choose expired domains with a strong Google reputation for their websites, which run on platforms like WooCommerce WordPress, Zen Cart, or OpenCart.
According to SR Labs, there are currently 22,500 active domains associated with the BogusBazaar network, although they have identified over 75,000 domains in total that have been used by the scammers. The group operates on an ‘infrastructure-as-a-service’ model, with a central team managing the infrastructure while a network of franchisees handle the day-to-day operations of the fraudulent stores.
The core team behind BogusBazaar is responsible for setting up the infrastructure and managing a small number of fake web shops. They develop software, deploy backends, and customize various WordPress plugins to support their fraudulent operations. The network primarily utilizes servers located in the US, with each server hosting approximately 200 fake e-commerce stores, some of which support over 500 stores. Each server is linked to more than 100 IP addresses.
The daily operations of these fake online stores are managed by franchisees, primarily based in China. SRLabs highlighted that payment pages are rotated regularly to evade detection, especially if a particular page has been flagged for fraudulent activity.
SRLabs has shared its findings with key stakeholders such as network infrastructure operators, payment providers, and search engines in the hopes of prompting swift action against this widespread fraud scheme. Vigilance and caution are advised for online shoppers, especially when encountering deals that seem too good to be true.