eCommerce Shop Scams

Data from Security Research Labs has revealed a China-based fake shopping network that they have named ‘BogusBazaar’. They claim that:

‘As of April 2024, approximately 22,500 domains were active. The network has processed more than one million orders since 2021, with an estimated aggregate order volume exceeding USD 50 million’.

The scam is run on a fraud-as-a-service model, with multiple shop fronts run by affiliate fraudsters. The webshops run on WordPress with the WooCommerce plug-in. Payment pages are not necessarily on the same system as the shop front, and new payment engines are rotated in as others are shut down. The fraud is a two-edged sword. Customers pay for goods at apparent deep discounts, and they either never receive the goods or are sent a cheap substitute. In addition, the users’ credit card details are harvested and sold on for subsequent fraud attacks. The system is wide scale and sophisticated. A single server may run 200 to 500 distinct webshops, with domains, IP addresses and payment providers rotated as a response to takedowns.

A Guardian report in May 2024 indicates that these scam shopping sites are frequently visited in the USA and Northern Europe.  18,950 email addresses were found to have been harvested from the UK.  UK buyers seem to have kept their purchase funds; either due to their banks blocking payments or the site not collecting them.  They still suffered from the theft of personal or financial data.  The theft and sale of verified customer data would be a major part of the business model of these operations.

The fake sites prefer to use recently expired domain names (orphaned domains) for their storefronts.  This has the advantage that search engines and customer reviews may back up the apparent legitimacy of the site.  It adds an additional victim to the mix as the legitimate previous owner of a domain may be contacted in relation to the fraudulent sales.  This was certainly the case for Artoyz, a seller of handmade toys in France whose full catalogue was copied and offered at reduced prices on a fake store.

Genuine online sales will also be affected. It is said that if a deal seems ‘too good to be true’ then it is ‘too good to be true’, but there are genuine deals to be had, for instance due to a clearance of slow-moving stock or the closure of a business. In many such cases the perceived bargain will only exist for a limited time, making it relatively risky to make a buying decision.

There are ways to reduce the risk of falling victim to these scam shops. Sites such as Scam Detector will accept a URL and report on its possible validity based on reviews, domain registrations and other Internet activity. There will always be a problem that by the time comprehensive information is available a scam will have run its course. Consider a known scam site ‘http://pilosaleltd.com/’ (now offline) that is rated 39.5% by Scam Detector (controversial, risky, red flags). The genuine seller ‘yachew.com’ rates as 78.6% (fair, valid, known). Although the conclusions speak for themselves, neither rating is close to a clear-cut 0% or 100%.

Detector sites will take some time to build up a reliable picture of a seller.  There are other signs of potential danger.

  • How recently was the domain name registered?
  • What physical address is associated with the domain name? Does this make sense compared to the shop location listed on the web site?
  • Are there any related records on the web archive? The ‘Wayback Machine’ will pull out archived websites indicating takeover of an orphaned domain.
  • Look for customer reviews. These could easily be fake but a lack of any reviews or text that does not closely relate to alleged purchases is a bad sign.
  • Are the images original? A reverse image search will show up other instances of the same image.  Some might be legally provided by the manufacturer.  None should be taken directly from other sales sites.
  • Is the grammar and spelling poor? Anyone running a genuine site not in their native language needs to put the effort in here to avoid driving away sales.
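
The first and third checks in the list above can be combined: a domain whose current registration is recent but which has much older archived captures is a candidate for a taken-over orphaned domain. The following is an added example, not part of the original article. The capture rows are constructed sample data in the Wayback Machine CDX JSON layout, `shop.example` is a placeholder domain, and the one-year thresholds are illustrative assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample in the Wayback Machine CDX JSON layout:
# a header row, then one row per archived capture. Not real data.
SAMPLE_CDX = json.dumps([
    ["urlkey", "timestamp", "original", "mimetype", "statuscode", "digest", "length"],
    ["example,shop)/", "20160312101500", "http://shop.example/", "text/html", "200", "AAAA", "5120"],
    ["example,shop)/", "20190704083000", "http://shop.example/", "text/html", "200", "AAAA", "5200"],
    ["example,shop)/", "20231120120000", "http://shop.example/", "text/html", "200", "BBBB", "48211"],
    ["example,shop)/", "20240105090000", "http://shop.example/", "text/html", "200", "BBBB", "48300"],
])

def capture_times(cdx_json):
    """Return the capture timestamps from a CDX JSON response, oldest first."""
    rows = json.loads(cdx_json)
    if len(rows) < 2:  # empty response or header row only
        return []
    col = rows[0].index("timestamp")
    return sorted(datetime.strptime(r[col], "%Y%m%d%H%M%S") for r in rows[1:])

def assess_domain(registered, cdx_json, today, new_days=365, gap_days=365):
    """List red flags for a shop domain.

    registered: creation date from WHOIS/RDAP (assumed to reset on re-registration).
    new_days / gap_days: illustrative thresholds, not taken from the article.
    """
    flags = []
    captures = capture_times(cdx_json)
    if today - registered < timedelta(days=new_days):
        flags.append("recently registered")
    before = [c for c in captures if c < registered]
    after = [c for c in captures if c >= registered]
    if before:
        # The site was archived under an earlier registration: a previous owner existed.
        flags.append("archived before current registration")
        if after and after[0] - before[-1] > timedelta(days=gap_days):
            flags.append("long archive gap before re-registration")
    return flags

if __name__ == "__main__":
    print(assess_domain(datetime(2023, 10, 1), SAMPLE_CDX, datetime(2024, 4, 30)))
```

A flagged domain is a prompt to compare the old and new captures by eye; a legitimate business can also buy an expired name.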

If you are in doubt about making a purchase but still want to avoid missing out, there are some ways to reduce the risk:

  • Pay with PayPal or a pre-paid card with limited funds. This restricts what a fraudster can do with the payment information.
  • Register any account with a throwaway (but genuine) email address and password; not a combination that is commonly used elsewhere.
  • Contact your bank with any doubts as soon as possible.
