More than 800,000 people in Europe and the US have apparently been tricked into sharing card details and other sensitive personal data with a vast network of fake online designer stores that apparently operate out of China.
An international investigation by The Guardian, Die Zeit and Le Monde provides a rare inside look at the mechanism behind what the British Chartered Standards of Commerce Institute called one of the biggest scams of its kind, with 76,000 fake websites being created.
A wealth of data examined by journalists and IT experts indicates that the operation is well-organized, technically savvy - and ongoing.
Operating on an industrial scale, programmers have created tens of thousands of fake online stores offering discounted products from Dior, Nike, Lacoste, Hugo Boss, Versace and Prada, as well as many other premium brands.
Published in multiple languages ranging from English to German, French, Spanish, Swedish, and Italian, the websites appear to have been designed to entice shoppers to part with money and sensitive personal data.
However, the sites have nothing to do with the brands they claim to sell, and in most cases, consumers who reported their experiences said they did not receive any products.
The first fake stores in the network seem to have been created in 2015. According to data analysis, more than 1 million “orders” were processed in the last three years alone. Not all payments were successfully processed, but the analysis shows that the group may have tried to collect up to 50 million euros (43 million pounds) during this period. Many stores have been abandoned, but a third of them – more than 22,500-are still open.
So far, an estimated 800,000 people, almost all of them in Europe and the US, share email addresses, with 476,000 of them sharing debit and credit card details, including their three-digit security number. All of them also gave the network their names, phone numbers, email and postal addresses.
Katherine Hart, lead researcher at the Chartered Trading Standards Institute, described the operation as “one of the biggest fake online shopping scams I've seen. She added "Often these people are part of serious and organized criminal groups, so they collect data and can later use it against people, making consumers more susceptible to phishing attempts.”
"Data is the new currency," said Jake Moore, a global cybersecurity consultant at software company ESET. He warned that such repositories of personal data could also be valuable for foreign intelligence agencies for surveillance purposes. “The overall picture is that it should be assumed that the Chinese government may have potential access to the data, " he added.
The existence of a network of fake stores was revealed by the German consulting company Security Research Labs (SR Labs), which received several gigabytes of data and shared them with Die Zeit.
The core development team seems to have built a system for semi-automated website creation and launch, enabling rapid deployment. It appears that this core managed some of the stores itself, but allowed other groups to use the system. According to the logs, at least 210 users have accessed the system since 2015.
SR Labs consultant Matthias Marks described the model as”franchise-based. He said "The core team is responsible for software development, server system deployment and network support. Franchisees manage the day-to-day operations of fraudulent stores.”
'It shocked me ...’
It was a few weeks before Christmas. 54-year-old Melanie Brown from the English county of Shropshire was looking for a new purse. She posted on Google an image of a leather product from one of her favorite German designers, Rundholz. A website immediately popped up offering the bag at a 50% discount off the regular retail price of £ 200. She added it to the shopping cart.
"It shocked me," she said. After choosing a bag, she noticed other designer clothes from an expensive brand that she likes, called Magnolia Pearl. She found dresses, tops and jeans worth £ 1,200 for 15 items. “I was getting a lot for the money, so I thought it was worth it," she said.
But Brown was tricked. For nearly a decade, the chain, which operates in China's Fujian Province, has used what appears to be a single software platform to create tens of thousands of fake online stores.
There are big global brands like Paul Smith, haute couture houses like Christian Dior, but also more niche, highly sought-after names like Rixo and Stella McCartney, and street retailers like Clarks shoes. Not just clothing-there are fake stores selling quality toys like Playmobil, and at least one selling lighting fixtures.
As part of this investigation, about 49 people were interviewed who claim that they were deceived. The Guardian spoke to 19 UK and US citizens. Their testimonies indicate that these websites were not created to sell counterfeit goods. Most people didn't get anything in the mail. Some of them got it, but the goods were not what they ordered. A customer from Germany paid for a blazer and got cheap sunglasses. A British customer received a fake Cartier ring instead of a shirt, and another was sent an unbranded blue jumper instead of the one they paid for from Paul Smith.
Oddly enough, many people who tried to make purchases never lost money. Either their bank blocked the payment, or the fake store itself didn't process it.
However, all the respondents have one thing in common: they passed on their personal data.
Simon Miller, director of policy and communications at UK-based Stop Scams, said: “Data can be more valuable than sales. If you collect someone's card data, that data is invaluable for hijacking a bank account.”
SR Labs, which works with corporations to protect their systems from cyber attacks, believes that fraud operates on two levels. First, the use of credit cards, in which fake payment gateways collect credit card data, but do not take any money. Secondly, fake sales, in which criminals actually take money. There is evidence that the network accepted payments processed through PayPal, Stripe, and other payment services, and in some cases directly from debit or credit cards.
The chain used expired domains to host its fake stores, which experts say can help avoid detection by websites or brand owners. It appears to have a database of 2.7 million such lost domains, and is running tests to see which ones are best used.
In Germany, the owner of a glass bead factory said she gets angry calls almost every day from customers asking where their Lacoste clothes are. She found out that her old website is perlenzwoelfe.de was used for fraud. It was possible to find her because the content that she previously posted at this address was visible in web archives. She reported the fraud to the police. "The officials just said there was nothing they could do about it.”
It was the same story with Michael Roy, who runs Artoyz, an online store in central Paris selling handmade toys. The full catalog of its products was copied. “They changed the name and used a different domain ... they stole images from our website and changed the prices, making them, of course, much lower”"
Customers warned him about fraud. "There's usually not much we can do about it." ... We thought about going to a lawyer, but it takes time and money," he said.
The network appears to have originated in Fujian Province. Many IP addresses (Internet Protocol) can be traced to China, and some can be traced to the cities of Putian and Fuzhou in Fujian Province.
Salary documents found in the data suggest that the individuals were employed as developers and data collectors and were paid through Chinese banks.
Three templates for employment contracts were also published, where the employer is listed as Fuzhou Zhongqing Network Technology Co Ltd.
Officially registered in China and given an official unique identification number, the company lists its address as Fuzhou, the capital of Fujian Province. It is unclear what it has to do with the network.
The contracts set out strict working conditions. An employee is assigned a performance rating, and they can increase their salary by getting a higher rating. They are judged by whether they refrain from playing video games, watching movies, or sleeping at work. If employees are sick or go on vacation, their pay is reduced for missing days, unless they are working overtime.
The data includes a spreadsheet describing the payment between January and October 2022 of a dividend of 2,410,000 yuan (nearly 266,000 pounds) to at least four shareholders of an unnamed company.
Fuzhou Zhongqing now places ads for developers and data collectors on Chinese recruitment sites. The salary of a data scientist is 4500-7000 Chinese yuan (about 500-700 pounds) per month, and the business is described as “a foreign trade company that mainly produces sports shoes, fashion clothing, branded bags and other series."
Fuzhou Zhongqing did not respond to a request for comment.
Action Fraud, the UK's cybercrime reporting center, has said it will seek to eliminate fake online stores.
Online fraud is becoming a growing problem. In the first six months of 2023, there were 77,000 cases of purchase fraud in the UK, where goods are paid for but never materialized, an increase of 43% compared to the same period in 2022. In the US, consumers lost almost $ 8.8 billion due to fraud in 2022, more than 30% more than a year earlier. The second most common fraud reported is related to online shopping fraud.
According to TSB anti-fraud spokesman Matt Hepburn, shopping fraud is the” main driver " of online financial crimes in the UK. He said tech companies should do more to protect consumers. “Search engines and technology platforms should prevent their users from accessing fake sites and quickly remove fraudulent content that is reported to them.”
Esther Abrams, International Engagement Manager at industry collaboration organisation Stop Scams UK, said: "Consumers will only be better protected from criminal gangs using digital systems if businesses and governments make fraud prevention a genuine priority. Investigations like this one show just how much impact we could have on the fight against fraudsters with a more coordinated international effort ”"
• Source: https://www.theguardian.com/money/a...ork-behind-one-of-worlds-largest-online-scams
An international investigation by The Guardian, Die Zeit and Le Monde provides a rare inside look at the mechanism behind what the British Chartered Standards of Commerce Institute called one of the biggest scams of its kind, with 76,000 fake websites being created.
A wealth of data examined by journalists and IT experts indicates that the operation is well-organized, technically savvy - and ongoing.
Operating on an industrial scale, programmers have created tens of thousands of fake online stores offering discounted products from Dior, Nike, Lacoste, Hugo Boss, Versace and Prada, as well as many other premium brands.
Published in multiple languages ranging from English to German, French, Spanish, Swedish, and Italian, the websites appear to have been designed to entice shoppers to part with money and sensitive personal data.
However, the sites have nothing to do with the brands they claim to sell, and in most cases, consumers who reported their experiences said they did not receive any products.
The first fake stores in the network seem to have been created in 2015. According to data analysis, more than 1 million “orders” were processed in the last three years alone. Not all payments were successfully processed, but the analysis shows that the group may have tried to collect up to 50 million euros (43 million pounds) during this period. Many stores have been abandoned, but a third of them – more than 22,500-are still open.
So far, an estimated 800,000 people, almost all of them in Europe and the US, share email addresses, with 476,000 of them sharing debit and credit card details, including their three-digit security number. All of them also gave the network their names, phone numbers, email and postal addresses.
Katherine Hart, lead researcher at the Chartered Trading Standards Institute, described the operation as “one of the biggest fake online shopping scams I've seen. She added "Often these people are part of serious and organized criminal groups, so they collect data and can later use it against people, making consumers more susceptible to phishing attempts.”
"Data is the new currency," said Jake Moore, a global cybersecurity consultant at software company ESET. He warned that such repositories of personal data could also be valuable for foreign intelligence agencies for surveillance purposes. “The overall picture is that it should be assumed that the Chinese government may have potential access to the data, " he added.
The existence of a network of fake stores was revealed by the German consulting company Security Research Labs (SR Labs), which received several gigabytes of data and shared them with Die Zeit.
The core development team seems to have built a system for semi-automated website creation and launch, enabling rapid deployment. It appears that this core managed some of the stores itself, but allowed other groups to use the system. According to the logs, at least 210 users have accessed the system since 2015.
SR Labs consultant Matthias Marks described the model as”franchise-based. He said "The core team is responsible for software development, server system deployment and network support. Franchisees manage the day-to-day operations of fraudulent stores.”
'It shocked me ...’
It was a few weeks before Christmas. 54-year-old Melanie Brown from the English county of Shropshire was looking for a new purse. She posted on Google an image of a leather product from one of her favorite German designers, Rundholz. A website immediately popped up offering the bag at a 50% discount off the regular retail price of £ 200. She added it to the shopping cart.
"It shocked me," she said. After choosing a bag, she noticed other designer clothes from an expensive brand that she likes, called Magnolia Pearl. She found dresses, tops and jeans worth £ 1,200 for 15 items. “I was getting a lot for the money, so I thought it was worth it," she said.
But Brown was tricked. For nearly a decade, the chain, which operates in China's Fujian Province, has used what appears to be a single software platform to create tens of thousands of fake online stores.
There are big global brands like Paul Smith, haute couture houses like Christian Dior, but also more niche, highly sought-after names like Rixo and Stella McCartney, and street retailers like Clarks shoes. Not just clothing-there are fake stores selling quality toys like Playmobil, and at least one selling lighting fixtures.
As part of this investigation, about 49 people were interviewed who claim that they were deceived. The Guardian spoke to 19 UK and US citizens. Their testimonies indicate that these websites were not created to sell counterfeit goods. Most people didn't get anything in the mail. Some of them got it, but the goods were not what they ordered. A customer from Germany paid for a blazer and got cheap sunglasses. A British customer received a fake Cartier ring instead of a shirt, and another was sent an unbranded blue jumper instead of the one they paid for from Paul Smith.
Oddly enough, many people who tried to make purchases never lost money. Either their bank blocked the payment, or the fake store itself didn't process it.
However, all the respondents have one thing in common: they passed on their personal data.
Simon Miller, director of policy and communications at UK-based Stop Scams, said: “Data can be more valuable than sales. If you collect someone's card data, that data is invaluable for hijacking a bank account.”
SR Labs, which works with corporations to protect their systems from cyber attacks, believes that fraud operates on two levels. First, the use of credit cards, in which fake payment gateways collect credit card data, but do not take any money. Secondly, fake sales, in which criminals actually take money. There is evidence that the network accepted payments processed through PayPal, Stripe, and other payment services, and in some cases directly from debit or credit cards.
The chain used expired domains to host its fake stores, which experts say can help avoid detection by websites or brand owners. It appears to have a database of 2.7 million such lost domains, and is running tests to see which ones are best used.
In Germany, the owner of a glass bead factory said she gets angry calls almost every day from customers asking where their Lacoste clothes are. She found out that her old website is perlenzwoelfe.de was used for fraud. It was possible to find her because the content that she previously posted at this address was visible in web archives. She reported the fraud to the police. "The officials just said there was nothing they could do about it.”
It was the same story with Michael Roy, who runs Artoyz, an online store in central Paris selling handmade toys. The full catalog of its products was copied. “They changed the name and used a different domain ... they stole images from our website and changed the prices, making them, of course, much lower”"
Customers warned him about fraud. "There's usually not much we can do about it." ... We thought about going to a lawyer, but it takes time and money," he said.
The network appears to have originated in Fujian Province. Many IP addresses (Internet Protocol) can be traced to China, and some can be traced to the cities of Putian and Fuzhou in Fujian Province.
Salary documents found in the data suggest that the individuals were employed as developers and data collectors and were paid through Chinese banks.
Three templates for employment contracts were also published, where the employer is listed as Fuzhou Zhongqing Network Technology Co Ltd.
Officially registered in China and given an official unique identification number, the company lists its address as Fuzhou, the capital of Fujian Province. It is unclear what it has to do with the network.
The contracts set out strict working conditions. An employee is assigned a performance rating, and they can increase their salary by getting a higher rating. They are judged by whether they refrain from playing video games, watching movies, or sleeping at work. If employees are sick or go on vacation, their pay is reduced for missing days, unless they are working overtime.
The data includes a spreadsheet describing the payment between January and October 2022 of a dividend of 2,410,000 yuan (nearly 266,000 pounds) to at least four shareholders of an unnamed company.
Fuzhou Zhongqing now places ads for developers and data collectors on Chinese recruitment sites. The salary of a data scientist is 4500-7000 Chinese yuan (about 500-700 pounds) per month, and the business is described as “a foreign trade company that mainly produces sports shoes, fashion clothing, branded bags and other series."
Fuzhou Zhongqing did not respond to a request for comment.
Action Fraud, the UK's cybercrime reporting center, has said it will seek to eliminate fake online stores.
Online fraud is becoming a growing problem. In the first six months of 2023, there were 77,000 cases of purchase fraud in the UK, where goods are paid for but never materialized, an increase of 43% compared to the same period in 2022. In the US, consumers lost almost $ 8.8 billion due to fraud in 2022, more than 30% more than a year earlier. The second most common fraud reported is related to online shopping fraud.
According to TSB anti-fraud spokesman Matt Hepburn, shopping fraud is the” main driver " of online financial crimes in the UK. He said tech companies should do more to protect consumers. “Search engines and technology platforms should prevent their users from accessing fake sites and quickly remove fraudulent content that is reported to them.”
Esther Abrams, International Engagement Manager at industry collaboration organisation Stop Scams UK, said: "Consumers will only be better protected from criminal gangs using digital systems if businesses and governments make fraud prevention a genuine priority. Investigations like this one show just how much impact we could have on the fight against fraudsters with a more coordinated international effort ”"
• Source: https://www.theguardian.com/money/a...ork-behind-one-of-worlds-largest-online-scams
