A Chinese network running countless fake online shops has scammed over 800,000 people in the US and Europe, according to The Guardian. These shops dupe people into sharing card details and other sensitive personal data by touting to offer discounted goods from Dior, Nike, Lacoste, Hugo Boss, Versace, and Prada, as well as many other premium brands.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
How this online scam works
The Chinese network has more than 22,500 fake online shops that are live, according to an international investigation by The Guardian, Die Zeit, and Le Monde. These online shops lure people into giving away their credit card and debit card details, names, phone numbers, email, and postal addresses by claiming to offer designer brands at a discount.
There are two levels of this scam. In the first level, fake payment gateways trick people into entering their credit card information, but they don’t charge them. This lets the scammers steal card details without taking money. In the second level, the criminals set up fake online stores or other platforms where they actually take money from people.
The Chinese network uses expired domains to host its fake shops, which helps them avoid detection by websites or brand owners. The network is reported to have a database of 2.7 million of these orphaned domains and runs tests to check which ones are best to use.
To date, approximately 800,000 people, primarily in the US and Europe, have shared their email addresses, with 476,000 of them also providing their debit and credit card details, including the three-digit security numbers. The first fake shops in this network were established in 2015, and since then, the group may have attempted to steal up to approximately $54.2 million.
RECLAIM YOUR PRIVACY BY DISABLING YOUR CELL PHONE CARRIER’S DATA TRACKING
What did affected people say
Many people thought these fake online shops were legit and placed orders, thinking they were getting a great deal. Melanie Brown from Shropshire, England, told The Guardian she was looking for a new handbag and found a leather bag from her favorite German designer, Rundholz, at 50% off on one of these fake online shops. Tempted by the deal, she added it to her cart, along with other designer clothes from Magnolia Pearl, totaling £1,200, which is the equivalent of approximately $1,528.80 for 15 items. However, Brown never received the items.
The Guardian interviewed 19 people from the US and the UK, revealing that these websites were not designed to sell counterfeit goods. Most received nothing, while a few got incorrect items. One German shopper paid for a blazer but got cheap sunglasses. A British customer received a fake Cartier ring instead of a shirt, and another got a non-branded blue jumper instead of the Paul Smith one they ordered.
What does this online scam mean for your privacy and security
The fake online shop scam doesn’t immediately cause monetary harm to you. As The Guardian reports, “many who tried to shop never lost money. Either their bank blocked the payment, or the fake shop itself did not process it.”
However, in all cases, these scammers obtained your data, including your address and card details. This data can be used in many ways. The scammers can use it to steal more money than you’d spend on the online shop. They can impersonate your bank or someone you know to trick you into giving them money. Additionally, they can sell this data to dark web criminals or companies for marketing purposes.
MASSIVE DELL DATA BREACH HITS 49 MILLION USERS — WHAT THIS MEANS FOR YOUR PRIVACY AND SECURITY
7 proactive measures to take to protect your data
Online shopping scams can affect anyone and everyone. Here are 7 steps you should take to protect your money and your personal data:
1) Invest in personal data removal services: If you ever got scammed through these fake online shops, your data is probably out there online. Personal data removal services can help by scouring the many people search and data broker websites for your data and requesting its removal.
While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.
A service like Incogni can help you remove all this personal information from the internet. It has a very clean interface and will scan 195 websites for your information and remove it and keep it removed.
Special for CyberGuy Readers (60% off): Incogni offers A 30-day money-back guarantee and then charges a special CyberGuy discount only through the links in this article of $6.49/month for one person (billed annually) or $13.19/month for your family (up to 4 people) on their annual plan and get a fully automated data removal service, including recurring removal from 175+ data brokers. I recommend the family plan because it works out to only $4.12 per person per month for year-round coverage. It’s an excellent service, and I highly recommend at least trying it out to see what it’s all about.
Check out my top picks for removal services here.
Best services for removing your personal information from the Internet
2) Avoid tech support phone scams: Since the hackers have your name and contact number, they may try to get in touch with you, posing as an employee of a popular tech company. They might say they’re from Apple, Microsoft, Amazon, or any other big company. Always verify if the tech support person you’re talking to actually works for the said company.
3) Be cautious when shopping online: Only shop on reputable, well-known websites that you trust. Be wary of unfamiliar online stores offering steep discounts on luxury brands. Check the website’s URL and security credentials (look for https:// and a lock icon) before entering payment information. Use credit cards rather than debit cards for online purchases, as credit cards offer better fraud protection.
4) Be wary of mailbox communications: Scammers may also try to scam you through the mail. The fake online shops have access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
5) Monitor your accounts and transactions: You should regularly check your online accounts and transactions for suspicious or unauthorized activity. If you notice anything unusual, report it to the service provider or the authorities as soon as possible.
6) Use identity theft protection: Identity theft protection companies can track personal information like your home title, Social Security number (SSN), phone number, and email address and notify you if it’s used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
My top recommendation is Identity Guard. One of the best parts of using Identity Guard is that they might include identity theft insurance of up to 1 million dollars to cover losses and legal fees and a white glove fraud resolution team where a US-based case manager helps you recover any losses.
CyberGuy’s Exclusive Offer: Get the Identity Guard Ultra protection to protect your identity and credit through tax season and beyond for as little as $9.99/mo (lowest offered anywhere) for the first year.
See my tips and best picks on how to protect yourself from identity theft.
7) Secure your devices and accounts: Use strong, unique passwords for all your online accounts and enable two-factor authentication whenever possible. Keep your devices updated with the latest security patches and use strong antivirus software:
The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams.
My top pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
Kurt’s key takeaways
Online scams are a growing problem, and you must stay vigilant. Scammers are trying their best to access your data to sell it to companies or other scammers. Tech giants need to implement more stringent measures to protect you from being scammed. Also, when shopping online, make sure you buy from trusted vendors and double-check before entering any personal information. In addition, be sure to follow the 7 steps we outlined above to protect your money and your personal data. You’ll be glad you did.
Do you think online shopping is unsafe? Have you started buying stuff offline due to concerns about privacy and security? Let us know in the comments below.
TO GET MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.
4 comments
What are your thoughts on TEMU?
Hi Mariann, please refer to our article here about this topic: The truth behind TEMU’s deals
These fake sites are not just a Chinese issue. Many cyber criminals creating and operating these fake sites are based in Russia, as well as many other countries. We’ve seen hundreds of these fake sites being advertised on Facebook some months back. Luckily, the quantity of those fake Facebook ads has diminished since they were publicized by you and others!
I’ve fallen for those stupid scams of name brand sake for way way less.. II did it once and I’ll be go to.. I did it again!! It’s not been delivered yet. I’m sick about it. I need to purchase the online security you’ve talked about. Never again!!