A large-scale scam conducted by unscrupulous Chinese internet companies, posing as European and American brand stores, has resulted in the theft of sensitive personal data and bank card information from European and American customers, with an estimated 800,000 people falling victim.
An international investigation conducted jointly by The Guardian in the UK, Die Zeit in Germany, and Le Monde in France has uncovered a massive fraud scheme revealing that unscrupulous Chinese internet companies have created up to 76,000 fake websites to lure European and American consumers.
The IP addresses of these counterfeit online stores all point to Fuzhou, China, associated with a company called “Fuzhou Zhongqing Network Technology Co. Ltd.”
This company is recruiting developers and data collectors through Chinese recruitment websites, offering monthly salaries ranging from 4,500 to 7,000 yuan (approximately £500 to £700). The company claims to be a “major foreign trade company producing sports shoes and footwear products.”
The investigation found that the company’s programmers operated on an industrial scale, creating tens of thousands of fake discount stores, featuring brands such as Dior, Nike, Lacoste, Hugo Boss, Versace, and Prada.
These websites are published in various languages including English, German, French, Spanish, Swedish, and Italian.
However, brand owners have confirmed that these websites have no affiliation with them. Victims of the scam have reported not receiving any products after placing orders.
Just before Christmas, 54-year-old UK resident Melanie Brown wanted to purchase a new handbag. She searched for an image of a leather bag designed by her favorite German designer Rundholz on Google. She came across a discount website offering the bag at 50% below the regular price. Excited, she added the bag to her cart.
After selecting the bag, she also found items from her favorite high-end brand Magnolia Pearl. She ended up buying a total of 15 items including a dress, a top, and jeans, totalling £1,200. Thinking she had found a bargain, she later realized she had been deceived.
Michael Rouah, who operates the online store Artoyz in central Paris, stated that the fake websites replicated their product catalog entirely.
“They changed the name and used another domain name… They stole images from our website and altered the prices, significantly lower of course,” Rouah said.
The German cybersecurity consulting company “Security Research Lab” (SR Labs) initially exposed the existence of these counterfeit stores, accumulating gigabytes of data and sharing it with Die Zeit.
They found that the first batch of counterfeit stores was created around 2015. Data analysis showed that in the past three years alone, these fake stores processed over 1 million “orders,” attempting to extract up to €50 million (£43 million) from consumers.
Currently, many fake stores have been abandoned, but a third of them (more than 22,500) continue to operate online.
SR Labs stated that these scams attempt to defraud consumers on two levels: harvesting credit card information, where fake stores collect credit card data but do not take any money, and selling counterfeit goods, with criminals trying to withdraw money from banks.
Evidence suggests that fake stores have processed payments through PayPal, Stripe, and other payment services, and in some cases directly through debit or credit cards.
Moreover, the core development team behind these Chinese fake stores seems to have established a system enabling semi-automatic creation and deployment of websites for rapid deployment. These technicians appear to operate some stores themselves while allowing other groups to use the system. Logs show that at least 210 users have accessed the system since 2015.
To make their deception more convincing, these fake stores have even used expired domain names of brand owners to host counterfeit stores. They seem to have a database containing 2.7 million isolated domains and run tests to check which domains are best suited for use.
Interestingly, in interviews, 49 victims remarked that these stores did not seem to be set up to sell counterfeits because most victims did not receive any products, and the few who did receive packages discovered they were not the items they ordered.
So far, many victims have not suffered tangible losses either because their banks blocked suspicious payments promptly or because the fake stores did not process the orders.
As of now, an estimated 800,000 individuals (almost all from Europe and the US) have provided email addresses to these fake stores, with 476,000 individuals providing debit and credit card details, including the three-digit security code. These fake stores have also acquired a wealth of customer personal information, including names, phone numbers, email addresses, and postal addresses.
Katherine Hart, Chief Officer of the Chartered Trading Standards Institute in the UK, called it “one of the largest online counterfeit store scams I have ever seen.”
She added, “These individuals are often part of serious and organized criminal groups that are collecting data and may potentially use it for future attacks, making consumers more vulnerable to phishing attacks.”
Jake Moore, Global Network Security Consultant at ESET software company, pointed out that personal data could be valuable to foreign intelligence agencies, likely using it for surveillance.
“The bigger problem is that we have to assume that the Chinese (Communist) government may have access to this data,” he added.