Part 2 of the Largest Online Scam Uncovered

Posted 12/05/2024

It was a few weeks before Christmas. Melanie Brown, 54, was looking for a new handbag. She put the image of a leather item from one of her favorite German designers, Rundholz, into Google.  Immediately a website appeared offering the bag at 50% off the usual $200+ retail price. She added it to her cart.  “It reeled me in,” she said. After selecting the bag she spotted other designer clothes from a high-end brand she loves called Magnolia Pearl.  She found dresses, tops and jeans, racking up a $1,200+ bill on 15 items. “I was getting a lot for the money, so I thought it was worth it,” she said.  But Brown was being ripped off. Over nearly a decade, a network operating from Fujian province in China used what appears to be a single software platform to create tens of thousands of fake online shops.


There are the big global brands such as Paul Smith, haute couture houses such as Christian Dior, but also more niche, much sought-after names such as Rixo and Stella McCartney, and high street retailers like Clarks shoes.  Not just clothes – there are fake stores selling quality toys, such as Playmobil, and at least one selling lighting.  About 49 people who say they were scammed have been interviewed for this investigation.  Their evidence suggests these websites were not set up to trade in counterfeit goods. Most people received nothing in the mail. A few did, but the items were not the ones ordered. A Panama shopper paid for a blazer and received cheap sunglasses. A US customer received a bogus Cartier ring instead of a shirt and another person from the UK was sent a non-branded blue jumper instead of the Paul Smith one they had paid for.


Strangely, many who tried to shop never lost any money.  Either their bank blocked the payment, or the fake shop itself did not process it.  However, all of those interviewed have one thing in common: they handed over their private data.  Data can be more valuable than sales. If you have access to someone’s credit card details that data is invaluable for a bank account takeover.  We believe the scam is operating on two levels. First, credit card harvesting, in which fake payment gateways collect credit card data but do not take any money.  Second, fake selling, where the criminals do take money.  There is evidence the network took payments processed via PayPal, Stripe and other payment services, and in some cases directly from debit or credit cards.


The network used expired domains to host its fake shops, which experts say can help to avoid detection by websites or brand owners. It appears to have a database of 2.7m of these orphaned domains and runs tests to check which ones are best to use. In Germany, the owner of a glass bead factory said she had received angry calls almost every day from shoppers asking where their Lacoste clothes were. She found out that an old website of hers had been used for the scam. She was findable as content she had previously placed at that address was visible in web archives. She reported the fraud to the police. “The officials just said there was nothing they could do about it.”


It was the same story for Michael Rouah who runs Artoyz, an online store and shop in central Paris selling handmade toys.  His full catalogue of products was copied. “They changed the name and used another domain … They stole the images from our website and changed the prices, putting them – of course – much lower.”  He was alerted to the fraud by customers. “We generally can’t do much about it … We explored taking action with a lawyer, but it takes time and it costs money,” he said. The network appears to have originated in Fujian province. Many of the IP (internet protocol) addresses can be traced back to China, some to the Fujian cities of Putian and Fuzhou.


Payroll documents found in the data suggest individuals were hired as developers and data harvesters and paid salaries through Chinese banks.  There were also three templates for employment contracts, where the employer is listed as Fuzhou Zhongqing Network Technology Co Ltd.  Officially registered in China, and issued with an official unique identifier number, the company gives its address as Fuzhou, the capital of Fujian.  It is not clear what connection it has to the network.  The contracts set out strict working conditions. The employee is given a performance score and can increase their salary with a higher ranking. They are judged on whether they refrain from playing video games, watching movies, or sleeping while at work.  If staff are sick or take a holiday, their salary is reduced for days missed unless they work overtime.


The data includes a spreadsheet describing the payment between January and October 2022 of 2,410,000 yuan (almost $300,000) in dividends to at least four shareholders of an unnamed company. The Fuzhou Zhongqing company is now advertising for developers and data collectors via Chinese recruitment websites. The salary for a data collection specialist is 4,500-7,000 Chinese yuan (about $600 to $800) a month and the business is described as a “foreign trade company that mainly produces sports shoes, fashion clothing, brand bags, and other series”.


The Fuzhou Zhongqing company did not respond to a request for comment from Newsroom Panama. Online scams are a growing problem. There were 77,000 cases of purchase fraud – where goods are paid for but never materialize – in the UK in the first six months of 2023, a 43% increase compared with the same period in 2022. In the US, consumers lost nearly $8.8bn to fraud in 2022, an increase of more than 30% over the previous year. The second most commonly reported scam is related to online shopping fraud using your credit card. Consumers will only be better protected from criminal outfits exploiting digital systems if businesses and governments make scam prevention a genuine priority. Panama banks are constantly telling their clients in emails to be very careful about whom they give their personal information to, including credit cards. Investigations like this show just how much impact we could have against scammers with a better coordinated international effort.