A fraudulent network named BogusBazaar has been discovered that processed over a million orders through fake online shops, accumulating a total order value of more than $50 million. The findings on this campaign were published by SRLabs in a recent report.
The scam involved fake online shops utilizing expired domains with high Google rankings, enticing unsuspecting victims with attractive offers on shoes and clothing, only to steal their payment card information.
Over 850,000 buyers, primarily from Western Europe, Australia, and the USA, have fallen prey to this scheme. Surprisingly, hardly any victims have been reported in China, which is believed to be the scammers' main base. The network comprises over 75,000 domains, with approximately 22,500 actively operating as of April 2024.
SRLabs highlighted that while each individual case of fraud may have had a modest impact, the scale and organization of the operation enabled the perpetrators to elude law enforcement attention.
The fraudsters employed two primary methods to carry out their crimes: stealing credit card information through fake payment pages and selling non-existent or counterfeit goods via counterfeit payment systems mimicking PayPal and Stripe. Customers who made purchases through these fake services either received nothing or received fake products. The scammers also used fake payment pages that could be swiftly replaced with new ones once fraud was detected.
The structure of BogusBazaar resembles the “infrastructure-as-a-service” model, with a core team managing the infrastructure and a network of partners overseeing the fraudulent stores.
The process of launching new fake sites was highly automated. Most BogusBazaar servers were located in the US and utilized Cloudflare protection. Each server could support up to 500 online stores running on WordPress with the WooCommerce plugin.
SRLabs analysts have shared their findings with law enforcement agencies and relevant Internet service providers. While some fake stores have been shut down, it is estimated that tens of thousands of sites are still operational.