Largest Online Scam Uncovered Involving Credit Cards

Fraud Alert in red keys on high-tech computer keyboard background with security engraved lock on fake credit cards. Concept of Internet security, data privacy, cybercrime prevention for online shopping transaction payments.

A Chinese network is behind one of world’s ‘largest online scams’.  Deep discounts on designer brands lured customers to part with their cash, but no goods were ever sent. A vast web of fake shops touting designer brands took money and personal details from 800,000 people in Europe, North, Central, and South America who appear to have been duped into sharing card details and other sensitive personal data with fake online designer shops apparently operated from China.  This gives us a rare inside look at the mechanics of what agencies across the world have described as one of the largest scams of its kind, with 76,000 fake websites created.  They want your credit card information.  If you don’t know these people, don’t do it.  

 

A trove of data examined by reporters and IT experts indicates the operation is highly organized, technically savvy – and ongoing.  Operating on an industrial scale, programmers have created tens of thousands of fake web shops offering discounted goods from Dior, Nike, Lacoste, Hugo Boss, Versace and Prada, as well as many other premium brands.  Published in multiple languages from English to German, French, Spanish, Swedish and Italian, the websites appear to have been set up to lure shoppers into parting with money and sensitive personal data.  However, the sites have no connection to the brands they claim to sell and in most cases consumers who spoke about their experience said they received no items. 

 

The first fake shops in the network appear to have been created in 2015. More than one million “orders” have been processed in the past three years alone, according to analysis of the data. Not all payments were successfully processed, but analysis suggests the group may have attempted to take as much as 50 million dollars over the period.  Many shops have been abandoned, but a third of them – more than 22,500 – are still live.  So far, an estimated 800,000 people, almost all of them in Europe and the Americas, have shared email addresses, with 476,000 of them having shared debit and credit card details, including their three-digit security number.  All of them also handed over their names, phone numbers, email and postal addresses to the network.

 

This is one of the largest online fake shops scams ever.  Often these people are part of serious and organized crime groups so they are harvesting data and may use it against people later, making consumers more susceptible to phishing attempts.  Data is the new currency.  Personal data troves could also be valuable to foreign intelligence agencies for surveillance purposes.  The bigger picture is that one must assume the Chinese government may have potential access to the data.  The fake shops network was developed by a core group of developers who have built a system to semi-automatically create and launch websites, allowing rapid deployment.  This core appears to have operated some shops themselves, but have allowed other groups to use the system. The logs suggest at least 210 users have accessed the system since 2015.  The model is “franchise-like”.  The core team is responsible for developing software, deploying backends, and supporting the operation of the network.  The franchisees manage the day-to-day operations of fraudulent shops.”  Be aware of who you are giving your credit card information to, especially online, and even in person, do not leave your card unattended where a merchant can make a copy of it, back and front.