February 2022. Emilie H., who lives in Paris, is looking to buy a new leather handbag from the Sœur brand. After typing the name of the desired model into the Google search engine, she came across a site displaying an attractive price: 71 euros for a Nottingham bag, normally sold for double that. She places an order, without noticing that the site address, architects-fr.com, is suspicious. “My vigilance was reduced”explains to World the one who was then going through a difficult period in her personal life. She will never receive her purse.
Similar misadventure for Tom C., resident of Hérault. In search of a specific model of Reebok sneakers, he found in the Products tab of Google a merchant site – Anthonybannach.com – which seemed completely professional to him. “I was looking for a color that was quite rare and not easy to find”, he explains. Luckily, this site has just “the right color and size in stock”. He orders ” in complete confidence ” and receives a tracking number for the package. It will never be delivered and Tom C.’s requests for reimbursement will go unheeded.
Emilie H. and Tom C. are far from the only ones to have been trapped. Newspapers The world, Die Zeit and the Guardian were able to consult multiple documents resulting from a leak of documents belonging to a Chinese cybercriminal organization. The German IT security company SR Labs was able to obtain several gigabytes of internal documents from the group, which it shared with Die Zeit and its partners.
The figures are dizzying: in four years, more than 800,000 orders have been placed worldwide on the mafia group’s sites, including at least 170,000 by French Internet users, making France the country most affected by the scams carried out by this group. Called “BogusBazaar” by SR Labs, this organization put more than 75,000 fake merchant sites online during this period, causing damage amounting to several tens of millions of euros.
Fake site factory
The sites are created industrially, on an assembly line basis – even today, more than 22,500 of them are still online – and have been able to operate in relative discretion until now. In 2023, the cybersecurity company Yarix, a subsidiary of the Italian group Var, was the first to sound the alert: it was able to identify around 13,000 sites linked to the same operator, which it had named “FashionMirror”. SR Labs analyzes made it possible to list five times more. All of them copy the catalogs of real online stores, mainly for clothes and shoes, but also for toys or furniture.
You have 76.32% of this article left to read. The rest is reserved for subscribers.
