A sprawling cybercrime network, “BogusBazaar,” has stolen credit card details from over 850,000 online shoppers, mainly in Western Europe and the United States, by operating tens of thousands of fraudulent e-commerce websites.

Security researchers estimate that since 2021, the hackers have processed over 1 million fake orders totaling more than $50 million.

According to the SRLabs report, the criminal group lures victims to bogus online stores, frequently using expired domains that previously had good Google rankings.

The fake shops, primarily offering name-brand shoes and clothing at steep discounts, harvest customers’ payment information through spoofed checkout pages.

Sometimes, hackers also charge fraudulent amounts to stolen cards.

“When ordering online, a deal that sounds too good probably is,” cautioned a spokesperson for the security research team that uncovered the BogusBazaar operation.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free.

Services like Fakeshop Finder can help consumers verify the legitimacy of unfamiliar e-commerce sites.

Fraud-as-a-Courtesy: How the Cybercrime Ring Operates

Rather than directly running all 75,000+ fake stores, BogusBazaar functions like a criminal “franchise”:

• A core team manages the technical infrastructure, including deploying ready-made fake shops using customized WordPress and WooCommerce plugins
• A decentralized network of “affiliates”, believed to be primarily based in China, handles the day-to-day operations of the bogus stores.

This separation of responsibilities makes the fraud ring more resilient to disruption by law enforcement.

Uncovering the Hackers’ Infrastructure

The security researchers found that each BogusBazaar server typically hosts around 200 fake shops.

The stores’ public-facing presences are protected behind Cloudflare, while payments are processed through gateways like PayPal and Stripe.

Over time, the criminals have developed sophisticated automation to rapidly set up new storefronts and swap out payment pages to evade detection and takedowns.

This technical agility has allowed the fraud network to operate unimpeded for years.”

Our insights will enable infrastructure providers, payment companies, and search engines to identify and prevent this kind of large-scale abuse in the future,” said the research team lead.

Findings have been shared with relevant authorities, and some BogusBazaar shops are already offline.

 Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide