Massive Online Fraud: Fake Designer Stores, Millions Stolen

An international investigation conducted by The Guardian, Die Zeit, and Le Monde has uncovered one of the largest online fraud schemes in history. Hundreds of thousands of people across Europe and the United States fell victim to a massive data breach, as fraudsters stole their personal information and bank account details through counterfeit online stores, resulting in the theft of tens of millions of euros.

According to data obtained by journalists and cybersecurity experts, this highly organized and technically sophisticated group created 76,000 fake websites. These sites were disguised as official outlets for premium clothing, footwear, and accessory brands such as Dior, Nike, Lacoste, Hugo Boss, Versace, and Prada.

The websites were launched in multiple languages including English, German, French, Spanish, Swedish, and Italian. Their creators meticulously replicated the design and content of the original stores to mislead unsuspecting shoppers into divulging sensitive personal data, including their credit card numbers and CVV codes.

Over the past three years, this fraudulent network processed more than 1 million “orders”. It is estimated that during this period, the hackers could have stolen up to 50 million euros. The overwhelming majority of victims either received nothing or were sent cheap imitations instead of the luxurious branded items they ordered.

Currently, nearly 800,000 people have disclosed their email addresses, and about 476,000 victims have also provided criminals with full details of their accounts. All victims left their names, phone numbers, and addresses on the site.

Experts warn that the information stolen from customers could be used by fraudsters to orchestrate new scams. Additionally, the troves of personal data could be of interest to foreign intelligence services.

The investigation revealed that the campaign appears to be led by a team of experienced programmers from Fujian Province in China. This central core of developers has created an automated system for rapidly deploying new fake online stores. They not only directly manage the launch of counterfeit sites but also provide access to their platform to other criminal groups on a franchise basis. Logs of this software exploitation have recorded traces of at least 210 buyers who have accessed it since 2015.

Specialists believe that the IT company Fuzhou Zhongqing Network Technology Co Ltd, registered in Fujian, might be involved in the operation. Among its internal documentation were found employment contract templates with suspicious content. These documents stipulate stringent payment terms and strict control over employees involved in collecting personal data and directly developing the fraudulent system.

According to accounting documents, between January and October 2022, an unnamed company paid out approximately 266,000 British pounds in dividends to at least four shareholders. Fuzhou Zhongqing is also actively recruiting new developers and data collection specialists through Chinese recruitment websites.

Although the trail of the scam leads to China, combating the network has proven difficult. The owner of a factory in Germany recounted how his employees received daily calls from angry customers demanding the delivery of ordered Lacoste brand products. It turned out that fraudsters were using the old domain of his company.

Currently, authorities in the UK, other countries, and industry organizations fighting fraud are making efforts to shut down the fake websites created by this criminal network. However, experts point out that tech giants like Google, whose search services help attract customers to these fake online stores, should take proactive measures to protect consumers from such fraudulent schemes.