In what has been described as one of largest scams of its type by the UK’s Chartered Trading Standards Institute, over 800,000 individuals from Europe and the United States have seemingly been tricked into sharing sensitive personal details, including credit card information, with a massive network of counterfeit online designer stores, reportedly originating from China. Collaborative investigations carried out by international sources such as the Guardian, Die Zeit, and Le Monde offer a rare glimpse into the operational methods of this scheme, which has seen the creation of approximately 76,000 fraudulent websites.
Analyses by journalist and IT professionals suggest this operation is highly structured, technologically adept, and actively continuing. At an industrial level, developers have produced tens of thousands of counterfeit online stores presenting discounted items from high-end labels like Dior, Nike, Lacoste, Hugo Boss, Versace, and Prada, among several others. The sites, available in several languages including English, German, French, Spanish, Swedish and Italian, seem to have been designed to ensnare customers into inadvertently offering money and personal details.
Despite claiming to retail such brands, these websites bear no affiliation, and most customers who have shared their experiences reported receiving no goods. Traces of this network’s fraudulent shops can be identified as early as 2015. Over the past three years alone, purportedly, more than 1 million “orders” have been transacted. While not all payments were successful, it is estimated that the network may have attempted to defraud up to €50 million in total. Although many of these fake stores have been abandoned, more than 22,500 maintain their operation.
The findings suggest approximately 800,000 individuals, predominantly from Europe and the US, have parted with their email addresses and 476,000 people have provided sensitive card details, including the three-digit security code. These individuals have also supplied their names, phone numbers, and residential addresses to the network. Jake Moore, a global cybersecurity advisor at ESET, a software firm, cautions that such a wealth of personal data could also be exploited by foreign spy agencies for surveillance reasons. Moore added that it wouldn’t be farfetched to presume that the Chinese government might potentially have access to this data, thus presenting a broader concern.
The exposure of a fraudulent online shop network was announced by Security Research Labs (SR Labs), a cybersecurity firm based in Germany. They managed to secure a substantial amount of data, which was subsequently handed over to Die Zeit.
Within this illicit network, certain key figures appeared to develop a method that allowed for the quick creation and launch of websites. While this central group was discovered to operate several shops independently, they also permitted other groups to utilise this quick-creation system. A minimum of 210 users have made use of this system, according to the findings, since 2015.
Matthias Marx, a consultant for SR Labs, likened their operating model to that of a “franchise system.” “A core team” insists Marx, “takes accountability for software development, backend delivery, and the network’s overall operation, while franchisees are in charge of daily operations of phony shops.”
For almost ten years, a network based in Fujian, China, has reportedly been utilising a single software platform to generate a multitude of counterfeit online shops unbeknownst to the world.
They’ve targeted a wide range of brands, from world-famous brands like Paul Smith and haute couture names like Christian Dior, to sought-after niche brands like Rixo and Stella McCartney, and high-street brands such as Clarks shoes. These fraudulent shops offer a vast array of fakes, including quality toys from Playmobil and even a lighting store.
From our investigation, 49 victims of the scam were interviewed. Of those, 19 were from the UK and the US. Their testimonies suggest that the intention wasn’t to trade counterfeit goods as most received nothing following a purchase. Those who received items ended up with products that were different from what they paid for. For instance, one German shopper expecting a blazer was instead sent cheap sunglasses. A UK customer received a fake Cartier ring instead of a shirt, and another was sent an unbranded blue jumper rather than the Paul Smith item they purchased.
Nonetheless, not all shoppers suffered a financial loss – thanks to their banks blocking the transactions or the fake shops failing to process the payments. However, these victims all shared a common experience; they’d unwittingly surrendered their personal data.
According to Simon Miller, the director of policy and communications for Stop Scams UK, this data can often be more valuable than sales made. He pointed out that collecting someone’s card details can be invaluable when attempting to take over a bank account.
SR Labs, a firm specialising in safeguarding business systems from online threats, suspects a two-tier scam. The first part involves the theft of credit card information through bogus payment portals that don’t actually process transactions. The second part involves fictitious sales in which money is indeed taken by the fraudsters. Evidence suggests payments were made via PayPal, Stripe, and other providers, in some instances directly from credit or debit cards.
Expired domains were utilised by the network to host their sham online shops, a tactic experts believe aids in evading detection. It appears they possess a database of 2.7 million such abandoned domains and conduct checks to ascertain the most effective ones to use.
In one incident in Germany, a glass bead factory owner was bombarded with irate enquiries about undelivered Lacoste apparel ordered from a website that turned out to be a scam. It was an old site of hers, perlenzwoelfe.de, that was hijacked for the scam. She was discovered because previous content from the site was still visible in web archives. She reported the situation to the authorities, but they claimed their hands were tied.
Michael Rouah, who owns Artoyz, a Paris-based store selling handmade toys, faced a similar situation. His entire product catalogue was duplicated and offered at lower prices. The culprits changed the name, used a different domain, and stole product images from his store. Rouah found out about the fraud from his customers, but seeking legal aid proved to be both time-consuming and costly.
The network appears to have its roots in the Fujian province of China. Several IP addresses link back to China, specifically the cities of Putian and Fuzhou in Fujian. Available payroll data reveals that individuals were employed as developers and data collectors, receiving payments through Chinese banks.
In addition to this, three employment contract templates were discovered, listing the employer as Fuzhou Zhongqing Network Technology Co Ltd, a company legally registered in China with an official address in Fuzhou, the capital of Fujian. It remains unclear what ties it has to the criminal network.
The employment terms have clearly defined work parameters. A rating system for the employees’ performance is in place, which potentially leads to a pay rise. Activities such as playing video games, watching films or sleeping while at work are factors under evaluation. If an employee takes a sick leave or holiday, deductions are made from their salary for the days they’ve been absent, unless overcompensation is offered via overtime work.
Over 2.4 million yuan (around £266,000) has been allocated as dividends to no less than four shareholders from an anonymous company, as indicated in the financial records for the period from January to October 2022.
China-based Fuzhou Zhongqing firm is currently recruiting developers and data collection specialists via local job hunting platforms. The compensation for a data collection expert ranges from 4,500 to 7,000 yuan monthly (approximately £500 to £700). The company, predominantly engaged in the manufacture of athletic footwear, stylish apparel, brand-name handbags, among other items, has coupled itself as a foreign trade firm.
Fuzhou Zhongqing company did not provide any comment when approached. -Guardian