BogusBazaar: Million Orders, $50 Million Fraud Exposed
Over the past three years, the fraudulent network BogusBazaar has processed over a million orders on fake online platforms, with a total transaction volume exceeding $50 million, as reported by SRLabs in their recent study.
These counterfeit stores lured victims with seemingly lucrative offers on footwear and clothing, using expired domains that had retained a strong reputation with Google, and ultimately stole their credit card data.
More than 850,000 consumers, primarily from Western Europe, Australia, and the USA, have fallen prey to this scheme, while in China—where the main base of the fraudsters is purported to be—there are virtually no victims. The network includes over 75,000 domains, approximately 22,500 of which were active as of April 2024.
SRLabs notes that while each fraudulent act was relatively small in volume, the organization and widespread nature of the operation allowed the perpetrators to remain under the radar of law enforcement agencies.
The fraudsters relied on two main methods: collecting credit card data on fake payment pages, and selling nonexistent or counterfeit goods through fake payment systems mimicking PayPal and Stripe. Customers who made purchases through these bogus services received nothing or, at best, counterfeit products. The fake payment pages could also be quickly replaced with new ones once fraud was detected.
The organizational structure of BogusBazaar resembles an ‘infrastructure-as-a-service’ (IaaS) model, where the main team manages the infrastructure, and a decentralized network of partners operates the fraudulent stores.
The process of creating new sites is highly automated. Most BogusBazaar servers are located in the USA and use Cloudflare protection. A single server can host up to 500 online stores operating on WordPress with the WooCommerce plugin.
Analysts from SRLabs have shared their findings with law enforcement and relevant internet service providers. Some of the counterfeit stores have already been disabled, but tens of thousands of sites are estimated to still be operational.