Investigations have revealed that approximately 70,000 fraudulent online fashion stores, seemingly operated by organizations within China, have duped over 800,000 consumers in Europe and the U.S. These consumers were tricked into handing over personal information, including credit card numbers.
According to The Guardian, Die Zeit, Le Monde, and IT experts, on May 8th, these fake online stores have been operating for a long period in a highly organized manner, and have been falsely advertising heavily discounted clothing from popular brands such as Dior, Nike, Lacoste, Hugo Boss, and Versace.
The websites supported multiple languages including English, German, Spanish, and Swedish, luring shoppers into handing over personal information.
The first of these sites is believed to have been created in 2015. Since then, these fraudulent sites have proliferated, receiving over a million purchase orders in the past three years alone.
Not all subsequent payments were successfully processed, but the scam operators attempted to embezzle up to $57 million over the past three years.
While many of the fraudulent sites have disappeared, more than 22,500 are still operational.
Approximately 800,000 residents of Europe and the U.S. have shared their email addresses with these online stores. Among them, 476,000 have left their debit and credit card information, including the three-digit security code, along with their names, phone numbers, and postal addresses. The UK’s Chartered Trading Standards Institute (CTSI) has classified this incident as one of the largest scams in history.
Katherine Hart, the senior officer at CTSI, stated, “These website creators are often part of serious and organized criminal groups. They collect data that can later be used against people, making consumers more vulnerable to phishing attempts.”
Jake Moore, a security advisor at software company ESET, warned, “If foreign intelligence agencies can use personal data for surveillance, we must assume that the Chinese government could potentially have access to this data.”
Most consumers who made payments received nothing, while some received items they did not order. However, there were also many cases where money was not deducted from bank accounts despite payments being made.
The scam group, based in Fujian Province, China, disguised itself as a trading company, hiring IT developers and data collectors, and even paying salaries through Chinese banks. It is suspected that after setting up the online scam system, they allowed other groups to use it.