More than 800,000 people in Europe and the US were tricked into giving their card details and other sensitive personal data to a purportedly vast network of online designer stores that was fake and apparently operated from China, an international investigation by The Guardian newspaper has revealed. , Die Zeit and Le Monde, according to News.ro.
Online shopPhoto: Dreamstime.com
The journalistic investigation offers a rare look inside the workings of what the UK’s Chartered Trading Standards Institute describes as one of the biggest scams of its kind, with 76,000 fake websites created.
A series of data reviewed by reporters and IT experts shows that the operation is very well organized, very technically proficient and, worse, it continues.
Operating on an industrial scale, the programmers created tens of thousands of fake web stores offering discounted products from Dior, Nike, Lacoste, Hugo Boss, Versace and Prada, as well as many other premium brands. Published in multiple languages, from English to German, French, Spanish, Swedish and Italian, the websites appear to have been designed to lure buyers into making payments and giving away sensitive personal data.
However, those sites have no connection to the brands they claim to sell, and in most cases, consumers who have told about their experiences have said they did not receive any of the items they ordered.
Over a million orders in the last three years alone
The first fake stores in the network appear to have been created in 2015. More than 1 million “orders” were processed in the last three years alone, according to data analysis. Not all payments were successfully processed, but the analysis suggests the group may have attempted to embezzle up to €50 million during this period. Many of the online stores have been abandoned, but a third of them – more than 22,500 – are still active, The Guardian warns.
To date, an estimated 800,000 people, almost all from Europe and the US, have shared email addresses, and 476,000 of these have given their debit and credit card details, including their three-digit security number. Also, all these people submitted their names, phone numbers, e-mail addresses and postal addresses to the network.
Katherine Hart, senior officer at the Chartered Trading Standards Institute, described the operation as “one of the biggest fake online shop scams” she had seen. She added: “These people are often part of serious and organized crime groups, so they collect data that they can later use against people, making consumers more susceptible to phishing attempts.”
Data, the new currency
“Data is the new currency,” says Jake Moore, global cybersecurity advisor at software company ESET. He warned that such collections of personal data could also be valuable to foreign intelligence agencies for surveillance purposes. “The big picture is that we have to assume that the Chinese government could potentially have access to this data,” added Jake Moore.
The existence of the fake store network was revealed by Security Research Labs (SR Labs), a German cybersecurity consultancy, which obtained several gigabytes of data and shared it with Die Zeit.
A group of IT developers seems to have built a system to create and launch semi-automatic websites, allowing for quick deployment. This nucleus appears to have operated some stores itself, but would have allowed other groups to use the system.
The three publications suggest that at least 210 users have accessed the system since 2015.
SR Labs consultant Matthias Marx described the model as “franchise-like”. He explained that “the core team is responsible for developing the software, implementing the backends and supporting the operation of the network, and the franchisees manage the day-to-day operations of the fraudulent stores.”
“attracted me”
The Guardian also presents a concrete case of a deceived customer.
It was a few weeks before Christmas and Melanie Brown, 54, from Shropshire, England, was looking for a new purse. She Googled the image of a leather item from one of her favorite German designers, Rundholz. Immediately a website appeared offering the bag for 50% less than the usual price of £200. Added it to the shopping cart.
“I was drawn to it,” Melanie confessed. After choosing the bag, she saw other designer clothes from a luxury brand she adores, Magnolia Pearl. She found dresses, tops and jeans and racked up a bill of £1,200 for 15 items. “I was getting a lot for the money, so I thought it was worth it,” she said.
But Melanie Brown was deceived.
A single software platform to create tens of thousands of fake online stores
For nearly a decade, a network operating out of China’s Fujian province has used what appears to be a single software platform to create tens of thousands of fake online stores. There are the big global brands such as Paul Smith, haute couture houses such as Christian Dior, but also niche, more sought-after names such as Rixo and Stella McCartney, as well as high street retailers commercial, such as Clarks shoes.
And it’s not just clothes – there are fake shops selling quality toys such as Playmobil, and at least one selling lighting fixtures.
Almost 50 people who say they were cheated were interviewed as part of this investigation. The Guardian spoke to 19 people from Great Britain and the USA. Their evidence suggests that these sites were not created to sell counterfeit products. Most people didn’t get anything in the mail.
A few received, but the items were not the ones ordered. A German shopper paid for a jacket and got cheap sunglasses. A British customer received a fake Cartier ring instead of a shirt, and another customer received an unbranded blue sweater instead of the Paul Smith one he had paid for.
Personal data, the end goal?
Strangely, many of those who tried to buy did not lose money. Either their bank blocked the payment or the fake store didn’t process it. However, all those interviewed have one thing in common: they handed over their personal data.
“Data can be more valuable than sales. If you collect someone’s card details, that data is then invaluable for taking over a bank account,” said Simon Miller, director of policy and communications at Stop Scams UK.
SR Labs, which works with major companies to protect their systems against cyberattacks, believes the scam works on two levels. First, credit card harvesting, where fake payment gateways collect credit card data but don’t take any money. Second, the fake sale, where criminals take money. There is evidence that the network took payments processed through PayPal, Stripe and other payment services and, in some cases, directly from debit or credit cards.
Online stores were hosted by expired domains
The network used expired domains to host its fake stores, which experts say can help avoid detection by real websites or brand owners. It apparently has a database of 2.7 million such orphan domains and runs tests to see which ones are the best to use.
In Germany, the owner of a glass bead factory said she received angry phone calls almost every day from buyers asking where Lacoste clothes were. She discovered that an old website of hers, perlenzwoelfe.de, had been used for fraud. The fraud could be detected because the content he had previously uploaded to that address was visible in the web archives. She reported the fraud to the police. “The officials only said that there was nothing they could do about it,” testified the patron.
Michael Rouah, who runs Artoyz, an online store and shop in central Paris that sells handmade toys, had the same story. His entire product catalog was copied. “They changed the name and used another domain… They stole the images from our website and changed the prices, making them – of course – much lower,” he said.
He was alerted by customers about the fraud. “In general, there’s not much we can do about it … We explored the possibility of taking action with a lawyer, but it takes time and costs money,” Rouah confesses.
The tracks lead to China
The network seems to have originated in Fujian province. Many of the IP (Internet Protocol) addresses can be traced to China, some to the cities of Fujian Putian and Fuzhou.
Payroll documents found in the data suggest the individuals were employed as developers and data collectors and received salaries through Chinese banks.
There were also three sample employment contracts, in which the employer is listed as Fuzhou Zhongqing Network Technology Co Ltd. Officially registered in China and with a unique official identification number, the company lists its address as Fuzhou, the provincial capital Fujian. It is not clear what it has to do with the network.
Contracts establish strict working conditions. The employee receives a performance score and can increase his salary with a higher ranking. They are evaluated on a number of criteria, including whether they refrain from playing video games, watching movies or sleeping while on the job. If employees are sick or on vacation, their pay is reduced for the days lost, unless they work overtime.
The data includes a spreadsheet detailing the payment, between January and October 2022, of 2,410,000 yuan (nearly £266,000) in dividends to at least four shareholders of an unnamed company.
Fuzhou Zhongqing Company is now advertising for developers and data collectors through recruitment sites in China. The salary for a data collection specialist is 4,500-7,000 Chinese yuan (about £500-700) per month, and the business is described as a “foreign trade company that mainly produces sports shoes, fashion clothing , branded bags and other series”.
The Fuzhou Zhongqing company did not respond to a request for comments, The Guardian mentions, according to News.ro.
Online scams on the rise
Action Fraud, the UK’s cybercrime reporting centre, has said it will try to get fake webshops shut down.
Online scams are a growing problem. In the first six months of 2023, there were 77,000 cases of purchase fraud – when goods are paid for but never materialized – in the UK, a 43% increase on the same period in 2022.
In the US, consumers lost nearly $8.8 billion to fraud in 2022, an increase of more than 30% over the previous year. The second most commonly reported scam is online shopping fraud.
According to TSB fraud spokesman Matt Hepburn, shopping fraud is the “biggest driver” of online financial crime in the UK. He said tech companies should do more to protect consumers. “Search engines and technology platforms must prevent their users from being exposed to fake sites and quickly remove fraudulent content that is reported to them,” the official said.
Hester Abrams, international engagement manager at Stop Scams UK, said: “Consumers will only be better protected from criminal units exploiting digital systems if businesses and governments make preventing scams a real priority. Investigations like this show how we could have a lot of impact against fraudsters with a better coordinated international effort”.
