It is reported that more than 850,000 people have used 75,000 fake online shops operated by the China-based criminal organization 'BogusBazaar', and that stolen credit card information has been resold on the dark web and used for fraudulent purposes totaling approximately $50 million.



A German cybersecurity firm, Security Research Labs GmbH (SRLabs), has reported that as many as 850,000 users purchased products from 75,000 fake online shops operated by the China-based criminal organization BogusBazaar. The stolen personal information and credit card details were then used to make fraudulent orders worth approximately $50 million on the dark web.

BogusBazaar: A criminal network of webshop fraudsters

https://www.srlabs.de/blog-post/bogusbazaar



Chinese network behind one of world's 'largest online scams' | Scams | The Guardian

https://www.theguardian.com/money/article/2024/may/08/chinese-network-behind-one-of-worlds-largest-online-scams

Massive webshop fraud ring steals credit cards from 850,000 people
https://www.bleepingcomputer.com/news/security/massive-webshop-fraud-ring-steals-credit-cards-from-850-000-people/

BogusBazaar has launched more than 75,000 fake online shops since 2021, with 22,500 shops still available at the time of writing. BogusBazaar acquires expired domains sold on Google to host fake shops, generally selling shoes and clothing at very low prices. In addition, BogusBazaar's online shops are semi-automatically set up using WordPress and are adjusted so that they do not appear to be malicious sites at first glance.

These sites allow you to order using credit cards, PayPal, or Stripe, but if you order something, not only will the product never arrive or be counterfeit, but they will also collect your name, contact information, email address, address, and credit card information.

To date, over 850,000 people have purchased items from BogusBazaar's stores, and millions of stolen credit card details have been resold on dark web markets by attackers who have made an estimated $50 million in fraudulent online purchases.

Most of the victims are in the United States and Western Europe, with no victims confirmed so far in China, where the fraud operations are based.



BogusBazaar is highly organized, with an established structure consisting of a 'core team' responsible for software development, back-end deployment, and customizing WordPress plugins for fraudulent operations, and a 'franchise team' that actually runs the shops under the core team.

According to SRLabs, most of BogusBazaar's servers are located in the United States, and each server hosts between 200 and 500 online shops. In addition, because they use Cloudflare, the identity of the server owner is kept confidential.

SRLabs has provided authorities and other interested parties with a list of URLs and IoCs associated with BogusBazaar and has reported that some online shops have been shut down.



'To ensure that an online shop is genuine, users should check the shop's contact information, return policy, and website certificate, as well as check whether the shop has social media accounts. This will help you determine whether the online shop you are using is a hastily created site or a secure site built to high professional standards,' says Bleeping Computer.

in Web Service, Security, Posted by log1r_ut