In the last couple of weeks, there has been an increase in the number of people who have been duped into sharing their card details and other personal information with a network of fake online designer shops that are operated from China, which appear to have duped over 800,000 people in Europe and the United States. This report by the Guardian, Die Zeit, and Le Monde gives an inside look at one of the biggest scams of its kind, one that has created 76,000 fake websites in the UK, considered one of the largest scams. 

Several reporters and IT experts have examined a trove of data indicating an extremely organized, technically proficient operation — and ongoing one. A large number of fake web shops have been created on an industrial scale by programmers who offer discounted goods from brands like Dior, Nike, Lacoste, Hugo Boss, Versace, Prada, and many others on an industrial scale. 

It is believed that over 75,000 websites with logos of various high-end brands, such as Nike, UNIQLO, Paul Smith, and Cartier, are carrying out the ruse, which has been called one of the biggest scams ever to take place. The website claims to sell discounted items, but it is just a ruse. These English versions of the sites are accompanied by duplicates in several other European languages such as French, German, Spanish and Italian, intended to scam unsuspecting consumers from around the globe. 

Even though about two-thirds of these sites were deactivated in the last few weeks, investigators believe that at least 22,500 still exist, and they are still trying to fool bargain-hunting consumers. According to SR Labs, a German cybersecurity consultancy that uncovered the scam, a group of programmers had developed a system that enabled them to create and deploy new websites rapidly, which dramatically increased their reach. 

Reporters and IT experts have examined a vast amount of data to discover that the operation has a lot of organisation, a lot of technical know-how, and has been operating for some time now. As a result, programmers are operating on an industrial scale to create thousands of fake online shops selling Dior, Nike, Lacoste, Hugo Boss, Versace, Prada and other luxury brands at discounts. 

This website appears to have been developed to lure shoppers into parting with money and sensitive personal information by publishing it in multiple languages, from German to French to Spanish to Swedish to Italian, in addition to English. In most cases, however, consumers who spoke about their experiences said that they did not receive any items from the sites, as they had no affiliation to the brands they were claiming to sell. 

It is important to note that in many cases these scammers are not looking to get money from customers. They often inform them upon checkout that their bank, or the website, had rejected their payment request. Even though the funds remained in their accounts, their details - including their full names, addresses, credit card numbers and three-digit security codes - were all in the hands of the scammers, even though their details remained in their accounts. 

A global cybersecurity adviser at the software company ESET, Jake Moore, said in The Guardian that data is the new currency in cybersecurity. It’s important to realize that, as a matter of course, it is safe to assume that the Chinese government might be able to access the data, he stated. At the moment, about 800,000 people have shared email addresses, almost all of them in Europe and the United States. Of these, 476,000 people have also shared debit card and credit card information, including their three-digit security number, which represents their three-digit security code. 

The network collected information concerning all of them, including their names, phone numbers, email addresses, and postal addresses. It was branded as "one of the largest online fake shop scams that I have seen in the past few years" by Katherine Hart, the lead officer at the Chartered Trading Standards Institute. According to her, many of these individuals belong to serious and organised crime groups, or they are affiliated with them, and so they may harvest data that they will be able to use against people later, which makes consumers more vulnerable to phishing attacks." 

The quote by Jake Moore, a global cybersecurity adviser at the company ESET, which makes security software, was described as "data is the new currency." Several foreign intelligence agencies have expressed concern about such data troves which can be used to spy on their subjects by foreign intelligence agencies. Taking a broader perspective, one must assume that the Chinese government may have access to the data, which brings us to the larger picture of the issue," he concluded. 

A German cybersecurity consultancy called Security Research Labs (SR Labs) disclosed the existence of the fake shop's network to Die Zeit, which obtained several gigabytes of data from several sources and shared that data with them. This statement was made by Matthias Marx, SR Labs contractor. He explained that he believes a small team of programmers has been able to develop a system that can automate a portion of the process for creating and deploying new versions of scam sites, which will help the company grow rapidly. 

It then adopts a franchise model rather than the franchise model itself in which a broader team is brought in to oversee and manage these sites. A growing number of people are becoming victims of online scams. In the United Kingdom, the occurrence of purchase fraud, wherein individuals pay for goods that never materialize, surged by 43% during the initial half of 2023 compared to the corresponding period in 2022, reaching a total of 77,000 reported cases. 

Concurrently, in the United States, consumers incurred losses totalling nearly $8.8 billion due to fraud in 2022, marking a notable increase of over 30% from the preceding year. Remarkably, online shopping fraud emerged as the second most frequently reported scam. Matt Hepburn, the designated spokesperson on fraud matters for TSB, underscored that purchase fraud stands as a primary catalyst for online financial crime in the UK.

He advocated for heightened vigilance on the part of technology companies, emphasizing the imperative for them to bolster safeguards that shield consumers. Specifically, he urged search engines and tech platforms to proactively curtail user exposure to fraudulent sites and expeditiously remove reported scam content. Echoing similar sentiments, Hester Abrams, serving as the international engagement manager at Stop Scams UK, stressed the necessity for concerted efforts by both businesses and governmental entities to elevate scam prevention to the forefront of their agendas. Abrams emphasized the potential efficacy of a more cohesive international approach to combating criminal exploitation of digital systems, highlighting the substantial impact that such collective action could yield against scammers.