
Fraudulent webshops reportedly process $50 million in fake orders

A global crime ring is running a fraudulent online retail operation.

A major criminal e-commerce network has reportedly scammed more than 850,000 American and European consumers.

According to cybersecurity research and consulting firm Security Research Labs, the criminal group, which it has named "BogusBazaar," operates a global network of more than 75,000 domains hosting fraudulent webshops, frequently targeting previously expired domains that have a good Google reputation. 

Since 2021, Security Research Labs says BogusBazaar has processed more than 1 million orders whose estimated aggregate order volume is more than $50 million. However, not every one of these orders resulted in payment, meaning the actual financial loss to scammed consumers is somewhat lower.

As of April 2024, Security Research Labs says approximately 22,500 fake BogusBazaar-operated domains were active. The group primarily operates from China and targets consumers in the U.S. and Western Europe. 


How it works

According to Security Research Labs, this is how the BogusBazaar scam operates:

  • BogusBazaar mainly attracts consumers to its phony e-commerce sites with fraudulent low-cost offers of brand-name footwear and apparel products. 
  • Consumers enter their personal and credit card information onto fake payment pages, where the data is collected by the criminal group.
  • Payments are facilitated through PayPal, Stripe and credit card processors. However, consumers either never receive their orders or only get low-quality counterfeit versions of the items they thought they were purchasing.

Sophisticated infrastructure strategy

Part of why BogusBazaar has been so successful is a complex back- and front-end infrastructure model. On the back end, Security Research Labs says the group uses an “infrastructure-as-a-service” model with decentralized criminal franchisees running fraudulent e-commerce sites on a hosted platform that provides custom-developed software and WordPress plug-ins. Most servers are U.S.-based, with many hosting more than 100 IP addresses of fraudulent sites. 

On the front end, if a payment page is blocked for fraud, the criminals can implement a new one without altering the appearance of the online storefront. According to Security Research Labs, BogusBazaar creates phony sites “semi-automatically” with customized names and logos and quality assurance procedures to help ensure the sites appear legitimate.

Read more of the Security Research Labs blog post about this cyber scam.

In commentary emailed to Chain Store Age, Roger Grimes, data-driven defense evangelist at cybersecurity platform provider KnowBe4, said consumer education is an important component of efforts to stop this type of online fraud.

“These sorts of social engineering scams are very difficult to detect,” Grimes said in the email. “Defenses include educating potential buyers that deals that seem too good to be true usually are and to recommend that people only give their credit card information to known, reputable vendors and sites.”
