May 9, 2024 at 12:49PM
A criminal network known as BogusBazaar, based in China, has scammed more than 850,000 victims through over 75,000 fraudulent web shops. They steal payment card details and offer fake merchandise. They operate with an infrastructure-as-a-service model and use expired domains with high Google ratings to attract victims, mostly from the US and Western Europe. SRLabs is working to shut down the fake shops and advises consumers to be wary of deals that seem too good to be true, and to use services like Fakeshop Finder, ScamVoid, and URL Void to verify the legitimacy of web shops.
From the meeting notes, we have gathered that a criminal network known as BogusBazaar has stolen payment credentials from over 850,000 victims through fake web shops on expired domains. The group, based in China, manages a network of over 75,000 fraudulent web shops and promises attractive online shopping deals but instead steals payment card details and often does not deliver any merchandise.
BogusBazaar employs two criminal methods: harvesting payment card details through fake payment pages, and selling expensive merchandise with no intention of delivering. The group has processed over 1 million orders totaling more than $50 million in fraudulent payments while inflicting secondary damages by using stolen credit card details in future crimes.
The group operates on an “infrastructure-as-a-service” model and uses automation tools to set up new sites quickly and efficiently. The group’s servers are associated with numerous IP addresses and host a large number of web shops, with the majority of them being hosted in the US.
Most of the web shops are currently run on the WooCommerce WordPress plug-in, and the group uses expired domains with high Google ratings to increase the chances of their sites being found. Victims of BogusBazaar are primarily from the US and Western Europe, with the main operating hub of the group located in China.
To combat these activities, SRLabs has shared its findings with authorities and encouraged users to report any related information or questions to them via email at [email protected]. They have also recommended being cautious of deals that seem too good to be true and have suggested using services such as Fakeshop Finder in Germany, ScamVoid, and URL Void in the US, to verify the legitimacy of web shops.