The online scams They are a growing problem around the world. In Spain, they constitute the vast majority of cybercrimes, a 90% according to the latest crime report presented by the Ministry of the Interior, of almost half a million registered during the year 2023. And although attention is usually paid to those that are distributed through means such as email, SMS or malware, there is another type of scam that is also common is that of fraudulent online stores. Now, an investigation by The Guardian, Die Zeit and Le Monde has exposed a network of fake stores that Katherine Hartan official at the UK Trading Standards Institute, has rated 'one of the biggest fake online store scams I have ever seen'.
This network is made up of more than 76,000 fake websites that mainly offer highly discounted products from brands such as Dior, Nike, Lacoste, Hugo Boss, Versace and Pradaamong many other premium brands, as well as other more niche ones, but always with great discounts on its real price. This network, whose origin points to Chinabegan to be built in 2015 and since then has deceived more than 800,000 people in the United States and Europe. It is what the British media describes as 'a highly organized, technically advanced operation and that continues in progress'.
Logically, fraudulent websites have no connection with the brands they intend to sell and, In most cases, people who made purchases from them did not receive any itemsand in the cases where they did, it was a completely different product than what they expected.
The network was initially discovered by a German cybersecurity consulting firm, Security Research Labs, which obtained several gigabytes of data that it shared with the German media Die Zeit, which began the journalistic investigation. Only in the last 3 years this network has processed more than 1 million orders, according to data analysis, and has been able to obtain up to 43 million eurosdespite the fact that many payments have not been processed successfully, either because the bank has rejected the operation or because the fake store did not charge it.
It must be taken into account that the goal is not just to scam moneybut obtaining personal and payment data is already a success for cybercriminals who, according to Jake Moore, global cybersecurity advisor at the software company ESET, may be valuable to foreign surveillance agencies for surveillance purposes. 'The bigger picture is that one has to assume that the Chinese government could potentially have access to the data,' he tells The Guardian.
So far, an estimated 800,000 people, mainly in Europe and the United States, have shared their email address with the network of fake stores and this group. 476,000 have provided their credit or debit card information, including the CVC code. They also provided their names, telephone numbers and address.
'These people are often part of serious and organized criminal groups, so they are collecting data and can use it against people latermaking consumers more susceptible to phishing attempts,' says Hart.
According to research, cybercriminals have built a software platform to create and bring websites online semi-automatically, allowing for rapid deployment. This core group operates some of the stores, but also gives access to others to use the system. 'It is similar to a franchise. The core team is responsible for developing software, implementing backends, and supporting network operation. Franchisees manage the daily operations of the fraudulent stores,' explains Matthias Marx, a consultant at SR Labs. Records suggest that at least 210 users have accessed the system since 2015.
The stores are presented In different languages according to the browser preferences of the person accessing, including Spanish, French, German, Swedish and Italian in addition to English. Many of them are currently deactivated, but more than 22,5000, about a third, are still operating.
The IP addresses of these websites take to Fujian province, China. Among the data obtained, templates for employment contracts have been found in which the employer listed is Fuzhou Zhongqing Network Technology Co Ltd. This company is registered in China and located in Fuzhou, the capital of Fujian. It has not been possible to establish its connection with the network of fake stores and it has not responded to questions from the media that carried out the investigation.