Massive Webshop Fraud Ring Steals Credit Cards From 850,000 People
Summary:
BogusBazaar, the vast network of fake online shops, was discovered by Security Research Labs GmbH to have successfully deceived over 850,000 individuals in the United States and Europe. This operation, which has been active for three years since 2021, has aimed to process around $50 million in fraudulent purchases by stealing credit card information and attempting fake transactions. The operations of BogusBazaar involves the creation of over 75,000 fake webshops. These webshops are strategically hosted on previously reputable domains that have expired, allowing the scammers to leverage the established reputation of these domains with search engines like Google. The shops typically offer products such as shoes and clothing at highly discounted prices, attracting unsuspecting consumers.
When users attempt to make purchases on these fake sites, they are directed to payment pages that are designed to collect sensitive information such as credit card details. In some instances, the scammers also exploit payment platforms like PayPal and Stripe to conduct unauthorized transactions. As a result, victims either lose money directly or have their financial information compromised.
Security Officer Comments:
SRLabs uncovered that BogusBazaar operates under an "infrastructure-as-a-service" model, where a core team manages the overarching infrastructure, including servers and software development. This core team is responsible for maintaining a small number of fake shops, possibly for testing purposes, and developing custom WooCommerce WordPress plugins used for fraudulent activities. The majority of BogusBazaar's operations are conducted by a decentralized network of franchisees who manage the day-to-day operations of the fake webshops. These franchisees utilize tools provided by the core team to run the scam effectively. Despite being managed from China, most of the servers hosting BogusBazaar's webshops are located in the United States. Each server hosts between 200 and 500 fake webshops, hidden behind Cloudflare for anonymity.
Suggested Corrections:
To confirm that an online shop is authentic, consumers are recommended to check for contact information, examine the return policy, check for trust seals, browse the website content in general, and check its social media presence. In addition, read online reviews, follow the announcements of local consumer protection agencies, and use available online checker tools.
Link(s):
https://www.bleepingcomputer.com/ne...ring-steals-credit-cards-from-850-000-people/
BogusBazaar, the vast network of fake online shops, was discovered by Security Research Labs GmbH to have successfully deceived over 850,000 individuals in the United States and Europe. This operation, which has been active for three years since 2021, has aimed to process around $50 million in fraudulent purchases by stealing credit card information and attempting fake transactions. The operations of BogusBazaar involves the creation of over 75,000 fake webshops. These webshops are strategically hosted on previously reputable domains that have expired, allowing the scammers to leverage the established reputation of these domains with search engines like Google. The shops typically offer products such as shoes and clothing at highly discounted prices, attracting unsuspecting consumers.
When users attempt to make purchases on these fake sites, they are directed to payment pages that are designed to collect sensitive information such as credit card details. In some instances, the scammers also exploit payment platforms like PayPal and Stripe to conduct unauthorized transactions. As a result, victims either lose money directly or have their financial information compromised.
Security Officer Comments:
SRLabs uncovered that BogusBazaar operates under an "infrastructure-as-a-service" model, where a core team manages the overarching infrastructure, including servers and software development. This core team is responsible for maintaining a small number of fake shops, possibly for testing purposes, and developing custom WooCommerce WordPress plugins used for fraudulent activities. The majority of BogusBazaar's operations are conducted by a decentralized network of franchisees who manage the day-to-day operations of the fake webshops. These franchisees utilize tools provided by the core team to run the scam effectively. Despite being managed from China, most of the servers hosting BogusBazaar's webshops are located in the United States. Each server hosts between 200 and 500 fake webshops, hidden behind Cloudflare for anonymity.
Suggested Corrections:
To confirm that an online shop is authentic, consumers are recommended to check for contact information, examine the return policy, check for trust seals, browse the website content in general, and check its social media presence. In addition, read online reviews, follow the announcements of local consumer protection agencies, and use available online checker tools.
Link(s):
https://www.bleepingcomputer.com/ne...ring-steals-credit-cards-from-850-000-people/