Researchers from Security Research (SR) Labs have recently uncovered a network of fake e-commerce stores created to steal card details and money. Based primarily in China, the BogusBazaar network is estimated to have processed over 1 million transactions since 2021, with SR Labs estimating that 850,000 have already fallen victim and that $50M worth of non-existent goods has been ordered.
In some instances transactions fall through, so the financial damage may be lower; however, during purchases BogusBazaar harvests card details and personal information via fake payment portals. The fake sites look like genuine ones and often try to entice people by selling luxury goods at low prices. The operators often choose expired domains with good Google reputations to seem more genuine, and the stores usually run on the WooCommerce WordPress plug-in, Zen Cart or OpenCart. SR Labs claims that 22,500 domains are currently in operation; however, it has been recorded that 75,000 in total have been used by the network.
BogusBazaar operates on an infrastructure-as-a-service model, with a core team managing the infrastructure and a decentralised network operating the fraudulent shops. This is beneficial for the organisation, as the core team can focus on developing the software and customising fraudulent WordPress plugins while the rest of the network focuses on operating the sites and swapping out payment pages once they are blocked for fraud.
For further advice on shopping safely online, you can visit the NCSC website and follow their online shopping guidance: Shopping online securely - NCSC.GOV.UK