Under the guise of fake stores: how BogusBazaar stole data from 850,000 bank cards

Father

Customers' savings resulted in a loss of data and money.

The BogusBazaar scam network has placed more than a million orders on fictitious Internet sites over the past 3 years, with the total volume of orders exceeding $50 million. The new campaign was announced by SRLabs in its report.

Fake stores, using expired domains with a good reputation in Google, attracted victims under the guise of favorable offers for shoes and clothing, but in the end stole payment card data.

More than 850,000 shoppers, mostly from Western Europe, Australia and the United States, have already been affected by the scheme, while there are virtually no victims in China, where the main base of fraudsters is supposedly located. The network includes more than 75,000 domains, of which about 22,500 were active as of April 2024.

SRLabs notes that although each fraud case had a relatively small "volume", the organization and prevalence of the operation allowed the attackers to remain out of the field of view of law enforcement agencies.

Fraudsters used two main methods of crime: collecting credit card data on fake payment pages and selling non-existent or counterfeit goods through fake payment systems that mimic PayPal and Stripe. Customers who made a purchase through a fake service received nothing or, at best, counterfeit goods. The scammers also used fake payment pages that could be quickly replaced with new ones if fraud was detected.

[Image: Products in fake online stores]

BogusBazaar's organizational structure is similar to the Infrastructure-as-a-Service (IaaS) model, where the main team is responsible for infrastructure management, and a decentralized network of partners manages fraudulent stores.

The process of creating new sites is as automated as possible. Most of BogusBazaar's servers are located in the United States and use Cloudflare protection. One server can serve up to 500 online stores running on WordPress with the WooCommerce plugin.

Analysts from SRLabs shared their findings with law enforcement agencies and relevant Internet service providers. Some of the fake stores have already been disabled, but it is estimated that tens of thousands of sites are still functioning.
 


• Source: https://www.srlabs.de/blog-post/bogusbazaar
 