Inside the BogusBazaar Scam: 850,000+ Victims of Credit Card Fraud

Security Research Labs GmbH (SRLabs) has shed light on an alarming trend in online retail scams in its latest report. An extensive network of fake webshops (known as BogusBazaar) has tricked more than 850,000 unsuspecting shoppers from the US and Europe, siphoning off credit card details and orchestrating around $50 million in fraudulent transactions.

Additionally, countless stolen credit card details were resold on dark web marketplaces, enabling other cybercriminals to buy them and carry out unauthorized online transactions. Find out more about the BogusBazaar scam and how you can stay safe below!

The Mechanics of a Mega Fraud Operation

BogusBazaar is not your run-of-the-mill scam operation. Since 2021, it has set up a staggering 75,000 counterfeit webshops, although the active count has recently decreased to approximately 22,500. 

Most victims are from the USA and Western Europe (Source: SRLabs)

These are not simple setups either. Each shop, often housed on domains that once enjoyed good reputations, offers seemingly irresistible deals on clothing and footwear. The attention to detail extends to semi-automated shop creation with custom branding to enhance perceived legitimacy.

However, it is the payment process where the true deception unfolds. The checkout pages are meticulously crafted to harvest credit card details or process payments via Paypal, Stripe, etc. for goods that will never be delivered .

A Franchise of Fraud

“The group has adopted an ‘infrastructure-as-a-service’ model: A core team is responsible for infrastructure management, while a decentralized network of franchisees operates fraudulent shops,” the SRLabs report explains. This organized structure allows for scalability and decentralization, making the operation robust and difficult to dismantle.

One of the fake webshops (Source: SRLabs)

The core team, a small but specialized group, develops software, manages backends, and customizes WordPress plugins to support their fraudulent activities. Most of the BogusBazaar shops are managed daily by a vast network of franchisees using tools provided by the core team. 

Despite being managed from China, the servers hosting these operations are predominantly based in the United States, cleverly hidden behind Cloudflare to maintain anonymity. Each server hosts between 200 to 500 individual webshops, making tracking and enforcement a formidable challenge.

How to Spot a Fake Webshop

As online shopping continues to surge, knowing how to verify the legitimacy of an online store is more crucial than ever. Here is how you can protect yourself from falling into such traps:

• Check the Basics: Look for comprehensive contact information and a robust return policy. Genuine shops will typically have clear, accessible customer service options.

• Assess the Discounts: Be wary of excessive discounts. While everyone loves a good deal, discounts over 50% should raise red flags if they appear out of context or too good to be true.

• Review the Reviews: Before making a purchase, search for reviews of the website. Feedback from other consumers can provide crucial insights into the legitimacy of the store.

• Inspect the Website’s Design: Pay attention to the overall design and functionality of the website. Beware of poorly designed websites with spelling errors, broken links, or outdated information.

Final Word

By staying informed and vigilant, shoppers can protect themselves from falling victim to sophisticated online scams like BogusBazaar. Remember, if a deal looks too good to be true, it probably is. Stay safe and shop smart!