Nearly a million people around the world have been victims of a highly organized fraud campaign, swindling them out of around $50 million in recent years.
According to a report by SRLabs, a group of cybercriminals, supported by a broader network of affiliates, organized themselves into a criminal network called BogusBazaar. This ring automated the creation and rotation of thousands of fake shopping websites – 22,500 domains, to be exact.
Through these shopping sites, criminals did two things: steal credit cards and other payment information, and steal money.
well organized group
Stealing credit card information is about as easy as one can imagine on fake shopping sites: a person would try to purchase something off-site, submit their payment information, and never receive the item they ordered. PayPal and Stripe data were stolen from victims in the same way.
The money theft worked a little differently. Some of the victims actually received an item, although not the one they ordered, but rather a cheap copy or imitation.
“The operation of fraudulent web shops is a seemingly small but well-organized crime,” says Matthias Marx, security consultant at SRLabs. Register. “As each fraud case is relatively small in volume, the fraudsters appear to have managed to evade the attention of law enforcement authorities despite making millions.”
Most of the victims were in Western Europe, Australia and America.
The worst part is that the campaign is still ongoing and is decentralized and automated in a way that makes it difficult for law enforcement to completely eliminate it. As soon as one website is removed, another takes its place. Attackers often use expired domains with good reputations, which makes detecting fraud even more difficult at first.
Most scammers appear to be operating from China.
The Internet is full of scammers and scammers looking to steal people's money and confidential information. The best way to stay safe is to always make sure you buy from trusted sources and official websites. If you know the store's website, type the address in the bar instead of searching for it on Google or other search engines.
If you are redirected to a website, check the address and make sure it has no typos or strange characters.
And lastly, always use common sense. If something is too good to be true, it most likely is.