By operating a “fraud-as-a-service’ (FaaS) website, BogusBazarr, operating out of China, runs 200 fraudulent webshops and has so far claimed 850,000 victims, mostly from the US and Western Europe.
Victims who access BogusBazarr shops are offered amazing-sounding deals on shoes and apparel from well-known brands. But as the webshops are totally fraudulent, the victims end up having their credit card details stolen with nothing to show for it.
In addition to innocent consumers having their bank accounts emptied, fraud on this scale can also cause significant brand damage for the companies whose goods are fraudulently offered to gullible consumers in this way. The massive international fraud was uncovered by Berlin-based Security Research Labs.
According to Security Research Labs’ report: BogusBazarr: A Criminal Network of Webshop Fraudsters, the fake shops processed over a million orders with an aggregate volume of $50 million over the past three years.
Fraudulent webshops initiate payments for expensive merchandise. But, in most cases, the victims do not receive any merchandise or occasionally receive cheap counterfeits. Payments are facilitated through PayPal, Stripe, and credit card processors. The luckless consumer’s credit card data is harvested through a spoofed payment interface. The victim is then shown an error message and forwarded to a functioning payment gateway, which initiates a payment.
Fraud network processes over a million orders
The Chinese criminal group, which Security Research Labs named BogusBazarr, operates an extensive network of over 75,000 domains hosting fraudulent webshops. As of April 2024, approximately 22,500 of these were still active. The network has processed more than one million orders since 2021. A core team in China is responsible for infrastructure management, while a decentralized network of franchisees operates fraudulent shops.
The BogusBazarr criminal gang has introduced a highly scalable new ‘fraud-as-a-service’ model. The gang appears to operate only a small number of fake webshops itself, with franchisees managing the day-to-day operations of fake shops running on this shared infrastructure. The research indicates that a large part of the network operates from China.
Security Research Labs recommends that consumers check out “too-good-to-true” deals when ordering online, using services such as Germany’s Fakeshop Finder to determine whether the webshop they are looking at is legitimate.
