A Chinese network running countless fake online shops has scammed over 800,000 people in the U.S. and Europe, according to The Guardian. 

These shops dupe people into sharing card details and other sensitive personal data by touting to offer discounted goods from Dior, Nike, Lacoste, Hugo Boss, Versace, and Prada, as well as many other premium brands.

How this online scam works

The Chinese network has more than 22,500 fake online shops that are live, according to an international investigation by The Guardian, Die Zeit, and Le Monde. These online shops lure people into giving away their credit card and debit card details, names, phone numbers, email and postal addresses by claiming to offer designer brands at a discount.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

There are two levels of this scam. In the first level, fake payment gateways trick people into entering their credit card information, but they don’t charge them. This lets the scammers steal card details without taking money. In the second level, the criminals set up fake online stores or other platforms where they actually take money from people.

The Chinese network uses expired domains to host its fake shops, which helps them avoid detection by websites or brand owners. The network is reported to have a database of 2.7 million of these orphaned domains and runs tests to check which ones are best to use.

To date, approximately 800,000 people, primarily in the U.S. and Europe, have shared their email addresses, with 476,000 of them also providing their debit and credit card details, including the three-digit security numbers. The first fake shops in this network were established in 2015. Since then, the group may have attempted to steal up to approximately $54.2 million.

‘TOP GUN’ PRODUCER SAYS HE DOESN’T BELIEVE CLAIMS AI WILL REPLACE KEY JOBS

RECLAIM YOUR PRIVACY BY DISABLING YOUR CELL PHONE CARRIER’S DATA TRACKING

What did affected people say

Many people thought these fake online shops were legit and placed orders, thinking they were getting a great deal. Melanie Brown from Shropshire, England, told The Guardian she was looking for a new handbag and found a leather bag from her favorite German designer, Rundholz, at 50% off on one of these fake online shops. Tempted by the deal, she added it to her cart, along with other designer clothes from Magnolia Pearl, totaling £1,200, which is the equivalent of approximately $1,529for 15 items. However, Brown never received the items.

The Guardian interviewed 19 people from the U.S. and the U.K., revealing these websites were not designed to sell counterfeit goods. Most received nothing, while a few got incorrect items. One German shopper paid for a blazer but got cheap sunglasses. A British customer received a fake Cartier ring instead of a shirt, and another got a non-branded blue jumper instead of the Paul Smith one they ordered.

SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES.

What does this online scam mean for your privacy and security

The fake online shop scam doesn’t immediately cause monetary harm to you. As The Guardian reports, “many who tried to shop never lost money. Either their bank blocked the payment or the fake shop itself did not process it.”

However, in all cases, these scammers obtained your data, including your address and card details. This data can be used in many ways. The scammers can use it to steal more money than you’d spend on the online shop. They can impersonate your bank or someone you know to trick you into giving them money. Additionally, they can sell this data to dark web criminals or companies for marketing purposes.

MASSIVE DELL DATA BREACH HITS 49 MILLION USERS — WHAT THIS MEANS FOR YOUR PRIVACY AND SECURITY

7 proactive measures to take to protect your data

Online shopping scams can affect anyone and everyone. Here are seven steps you should take to protect your money and your personal data:

1. Invest in personal data removal services: If you ever got scammed through these fake online shops, your data is probably out there online. Personal data removal services can help by scouring the many people search and data broker websites for your data and requesting its removal.

While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for personal data removal services here. 

CYBERSECURITY EXPERTS SOUND ALARM OVER US POWER GRID VULNERABILITIES

2. Avoid tech support phone scams: Since the hackers have your name and contact number, they may try to get in touch with you, posing as an employee of a popular tech company. They might say they’re from Apple, Microsoft, Amazon or any other big company. Always verify if the tech support person you’re talking to actually works for the company.

3. Be cautious when shopping online: Only shop on reputable, well-known websites that you trust. Be wary of unfamiliar online stores offering steep discounts on luxury brands. Check the website’s URL and security credentials (look for https:// and a lock icon) before entering payment information. Use credit cards rather than debit cards for online purchases, as credit cards offer better fraud protection.

4. Be wary of mailbox communications: Scammers may also try to scam you through the mail. The fake online shops have access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts.

5. Monitor your accounts and transactions: You should regularly check your online accounts and transactions for suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or the authorities as soon as possible.

6. Use identity theft protection: Identity theft protection companies can track personal information like your home title, Social Security number, phone number and email address and notify you if it’s used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.

7. Secure your devices and accounts: Use strong, unique passwords for all your online accounts and enable two-factor authentication whenever possible. Keep your devices updated with the latest security patches and use strong antivirus software. 

The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.

Kurt’s key takeaways

Online scams are a growing problem, and you must stay vigilant. Scammers are trying their best to access your data to sell it to companies or other scammers. Tech giants need to implement more stringent measures to protect you from being scammed. Also, when shopping online, make sure you buy from trusted vendors and double-check before entering any personal information. In addition, be sure to follow the seven steps we outlined above to protect your money and your personal data. You’ll be glad you did.

Do you think online shopping is unsafe? Have you started buying stuff offline due to concerns about privacy and security? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

Copyright 2024 CyberGuy.com.  All rights reserved.