Chinese crooks behind one of many world’s ‘largest on-line scams’

On May 8, 2024

Group labelled ‘BogusBazaar’ is believed to have swindled millions of pounds

Published: 11:17, 8 May 2024 | Updated: 13:44, 8 May 2024

Chinese scammers using fake websites purporting to sell designer products at huge discounts are believed to have made off with the credit card details and personal data of some 800,000 people in Europe and the US, an investigation has revealed.

The ruse, dubbed by a British trading standards body as one of the largest scams of its kind ever, involves more than 75,000 websites bearing the logos of various high-end marques – from Nike to UNIQLO and Paul Smith to Cartier – that claim to sell cut-price merchandise.

English versions of the sites are accompanied by duplicates in several European languages including French, German, Spanish and Italian, designed to dupe unsuspecting shoppers.

And though roughly two-thirds of them have now been deactivated, investigators believe more than 22,500 are still live and continue to trick bargain-hunting online shoppers.

SR Labs, a German cybersecurity consultancy that uncovered the scam, said that a group of programmers appeared to have created a system to rapidly generate and deploy new sites, dramatically increasing their reach.

Chinese scammers have used fake websites purporting to flog designer products at huge discounts to take people’s data

The Chinese group, labelled ‘BogusBazaar’ by SR Labs, is believed to have swindled millions of pounds, euros and dollars from their victims since it launched the first sites in 2015.

Around 476,000 people are believed to have shared their debit and credit card details, including their three-digit security number.

But in many cases, the scammers were not after money. Often customers were told upon checkout that their bank, or the website itself, had rejected the payment request.

Though the money may have remained in their accounts, their personal details – including full name, address, credit card number and three digit security code – were all in the hands of the scammers.

Vonny Gamot, Head of EMEA at online protection company McAfee, said: ‘Late last year, McAfee researchers saw a surge in luxury brand scams like these, including spikes of 600% over normal seasonal levels.

‘Personal information is now a kind of currency because it’s tied to everything from your bank accounts, investments, insurance payments—even tax returns and personal identification like driving licences.’

And Jake Moore, a global cybersecurity adviser at the software company ESET, told The Guardian: ‘The bigger picture is that one must assume the Chinese government may have potential access to the data,’ he said.

SR Labs consultant Matthias Marx explained how a small team of programmers appeared to have created a system which can partially automate the generation and publishing of new versions of scam sites, helping the team to scale their operation at a rapid pace.

A wider team is then brought in to oversee and manage these sites in a kind of a ‘franchise’ model.

English versions of the sites are accompanied by duplicates in several European languages including French, German, Spanish and Italian, designed to dupe unsuspecting shoppers

He explained that a core team develops the software and supports the operation of the network, while franchisees ‘manage the day-to-day operations of fraudulent shops.’

SR Labs chose to share the results of their investigation with German newspaper Die Zeit, who then worked with The Guardian and French outlet Le Monde to dig deeper.

Their investigation found a huge variety in the brands and companies the Chinese developers were using to build their scam.

Though many of the brands were haute-couture big hitters like Christian Dior, investigators also found sites mimicking British high street favourites like shoemaker Clarks, as well as fraudulent pages catering to those with a penchant for the work of individual designers.

The products they purported to sell were not just limited to fashion, either.

Websites were found pretending to flog everything from children’s toys to homeware and garden furniture to car parts.

The sites had no connection to the brands they claim to sell and consumers who used them told the investigation that they never received the items they thought they bought.

However, the sites still managed to trick shoppers into sharing their information.

Personal data like that taken during the scams could prove valuable for foreign intelligence agencies and surveillance purposes.

This week, it emerged that up to 272,000 UK service personnel may have been hit by a data breach.

Defence Secretary Grant Shapps blamed the attack on a ‘malign actor’, but failed to confirm reports that China was behind the break-in.

Recent cyber attacks that hit the UK

March 2024

The UK and the United States accused China of a global campaign of ‘malicious’ cyber attacks in an unprecedented joint operation to reveal Beijing’s espionage.

Britain publicly blamed China for targeting the Electoral Commission watchdog and for being behind a campaign of online ‘reconnaissance’ aimed at the email accounts of MPs and peers.

The Electoral Commission attack was identified in October 2022, but the hackers had first been able to access the commission’s systems for more than a year, since August 2021.

December 2023

A Foreign Office minister told the Commons that private conversations of high-profile politicians and civil servants were compromised by Russia’s principal security service during ‘sustained’ attempts to interfere in UK politics.

A cyber influence campaign by a group known as Star Blizzard, ‘almost certainly’ a subordinate of an FSB cyber unit, had ‘selectively leaked and amplified information’ since 2015.

July 2022

The British Army confirmed a ‘breach’ of its Twitter and YouTube accounts. The channel featured videos on cyptocurrency and images of billionaire businessman Elon Musk.

The official Twitter account had retweeted a number of posts appearing to relate to NFTs (non-fungible tokens).

July 2021

The UK accused the Chinese government of being behind ‘systematic cyber sabotage’ following a hacking attack which affected a quarter of a million servers around the world. The attacks, which took place in early 2021, targeted Microsoft Exchange servers.

April 2021

Britain accused Russia’s foreign intelligence service of being behind a major cyber attack on the West.

The Foreign, Commonwealth and Development Office (FCDO) said the National Cyber Security Centre (NCSC) had assessed that it was ‘highly likely’ the SVR was responsible for the so-called SolarWinds hack.

July 2020

Britain, the United States and Canada accused Russian spies of targeting scientists seeking to develop a coronavirus vaccine.

The three allies said hackers linked to Russian intelligence were seeking to steal the secrets of research bodies around the world, including in the UK.