Chinese network behind one of world’s ‘largest online scams’

Carmen Aguilar García, Sarah Marsh and Philip McMahon

8 May 2024 at 0:00 am·9-min read

<span>Deep discounts on designer brands lured customers to part with cash, but no goods were sent.</span><span>Composite: Guardian Design/Getty Images</span> — Deep discounts on designer brands lured customers to part with cash, but no goods were sent.Composite: Guardian Design/Getty Images

More than 800,000 people in Europe and the US appear to have been duped into sharing card details and other sensitive personal data with a vast network of fake online designer shops apparently operated from China.

An international investigation by the Guardian, Die Zeit and Le Monde gives a rare inside look at the mechanics of what the UK’s Chartered Trading Standards Institute has described as one of the largest scams of its kind, with 76,000 fake websites created.

A trove of data examined by reporters and IT experts indicates the operation is highly organised, technically savvy – and ongoing.

Operating on an industrial scale, programmers have created tens of thousands of fake web shops offering discounted goods from Dior, Nike, Lacoste, Hugo Boss, Versace and Prada, as well as many other premium brands.

Published in multiple languages from English to German, French, Spanish, Swedish and Italian, the websites appear to have been set up to lure shoppers into parting with money and sensitive personal data.

However, the sites have no connection to the brands they claim to sell and in most cases consumers who spoke about their experience said they received no items.

The first fake shops in the network appear to have been created in 2015. More than 1m “orders” have been processed in the past three years alone, according to analysis of the data. Not all payments were successfully processed, but analysis suggests the group may have attempted to take as much as €50m (£43m) over the period. Many shops have been abandoned, but a third of them – more than 22,500 – are still live.

So far, an estimated 800,000 people, almost all of them in Europe and the US, have shared email addresses, with 476,000 of them having shared debit and credit card details, including their three-digit security number. All of them also handed over their names, phone numbers, email and postal addresses to the network.

Interactive

Katherine Hart, a lead officer at the Chartered Trading Standards Institute, described the operation as “one of the largest online fake shops scams that I have seen”. She added: “Often these people are part of serious and organised crime groups so they are harvesting data and may use it against people later, making consumers more susceptible to phishing attempts.”

“Data is the new currency,” said Jake Moore, a global cybersecurity adviser at the software company ESET. He warned such personal data troves could also be valuable to foreign intelligence agencies for surveillance purposes. “The bigger picture is that one must assume the Chinese government may have potential access to the data,” he added.

The existence of the fake shops network was revealed by Security Research Labs (SR Labs), a German cybersecurity consultancy, which obtained several gigabytes of data and shared it with Die Zeit.

A core group of developers appears to have built a system to semi-automatically create and launch websites, allowing rapid deployment. This core appears to have operated some shops themselves, but to have allowed other groups to use the system. The logs suggest at least 210 users have accessed the system since 2015.

SR Labs consultant Matthias Marx described the model as “franchise-like”. He said: “The core team is responsible for developing software, deploying backends, and supporting the operation of the network. The franchisees manage the day-to-day operations of fraudulent shops.”

‘It reeled me in …’

It was a few weeks before Christmas. Melanie Brown, 54, from Shropshire in England, was looking for a new handbag. She put the image of a leather item from one of her favourite German designers, Rundholz, into Google. Immediately a website appeared offering the bag at 50% off the usual £200 retail price. She added it to her cart.

“It reeled me in,” she said. After selecting the bag she spotted other designer clothes from a high-end brand she loves called Magnolia Pearl. She found dresses, tops and jeans, racking up a £1,200 bill on 15 items. “I was getting a lot for the money, so I thought it was worth it,” she said.

But Brown was being ripped off. Over nearly a decade, a network operating from Fujian province in China used what appears to be a single software platform to create tens of thousands of fake online shops.

There are the big global brands such as Paul Smith, haute couture houses such as Christian Dior, but also more niche, much sought-after names such as Rixo and Stella McCartney, and high street retailers like Clarks shoes. Not just clothes – there are fake stores selling quality toys, such as Playmobil, and at least one selling lighting.

About 49 people who say they were scammed have been interviewed for this investigation. The Guardian spoke to 19 from the UK and the US. Their evidence suggests these websites were not set up to trade in counterfeit goods. Most people received nothing in the mail. A few did, but the items were not the ones ordered. A German shopper paid for a blazer and received cheap sunglasses. A British customer received a bogus Cartier ring instead of a shirt and another was sent a non-branded blue jumper instead of the Paul Smith one they had paid for.

Strangely, many who tried to shop never lost money. Either their bank blocked the payment, or the fake shop itself did not process it.

However, all of those interviewed have one thing in common: they handed over their private data.

Simon Miller, the director of policy and communications for Stop Scams UK, said: “Data can be more valuable than sales. If you are hoovering up someone’s card details that data is invaluable then for a bank account takeover.”

SR Labs, which works with corporations to protect their systems from cyber-attacks, believes the scam is operating on two levels. First, credit card harvesting, in which fake payment gateways collect credit card data but do not take any money. Second, fake selling, where the criminals do take money. There is evidence the network took payments processed via PayPal, Stripe and other payment services, and in some cases directly from debit or credit cards.

The network used expired domains to host its fake shops, which experts say can help to avoid detection by websites or brand owners. It appears to have a database of 2.7m of these orphaned domains and runs tests to check which ones are best to use.

In Germany, the owner of a glass bead factory said she had received angry calls almost every day from shoppers asking where their Lacoste clothes were. She found out that an old website of hers, perlenzwoelfe.de, had been used for the scam. She was findable as content she had previously placed on at that address was visible in web archives. She reported the fraud to the police. “The officials just said there was nothing they could do about it.”

It was the same story for Michael Rouah who runs Artoyz, an online store and shop in central Paris selling handmade toys. His full catalogue of products was copied. “They changed the name and used another domain … They stole the images from our website and changed the prices, putting them – of course – much lower.”

He was alerted to the fraud by customers. “We generally can’t do much about it … We explored taking action with a lawyer, but it takes time and it costs money,” he said.

The network appears to have originated in Fujian province. Many of the IP (internet protocol) addresses can be traced back to China, some to the Fujian cities of Putian and Fuzhou.

Payroll documents found in the data suggest individuals were hired as developers and data harvesters and paid salaries through Chinese banks.

There were also three templates for employment contracts, where the employer is listed as Fuzhou Zhongqing Network Technology Co Ltd.

Officially registered in China, and issued with an official unique identifier number, the company gives its address as Fuzhou, the capital of Fujian. It is not clear what connection it has to the network.

The contracts set out strict working conditions. The employee is given a performance score and can increase their salary with a higher ranking. They are judged on whether they refrain from playing video games, watching movies, or sleeping while at work. If staff are sick or take a holiday, their salary is reduced for days missed unless they work overtime.

The data includes a spreadsheet describing the payment between January and October 2022 of 2,410,000 yuan (almost £266,000) in dividends to at least four shareholders of an unnamed company.

The Fuzhou Zhongqing company is now advertising for developers and data collectors via Chinese recruitment websites. The salary for a data collection specialist is 4,500-7,000 Chinese yuan (about £500 to £700) a monthand the business is described as a “foreign trade company that mainly produces sports shoes, fashion clothing, brand bags, and other series”.

The Fuzhou Zhongqing company did not respond to a request for comment.

Action Fraud, the UK’s reporting centre for cybercrime, said it would seek to have the fake web shops taken down.

Online scams are a growing problem. There were 77,000 cases of purchase fraud – where goods are paid for but never materialise – in the UK in the first six months of 2023, a 43% increase compared with the same period in 2022. In the US consumers lost nearly $8.8bn to fraud in 2022, an increase of more than 30% over the previous year. The second most commonly reported scam is related to online shopping fraud.

According to the TSB fraud spokesperson Matt Hepburn, purchase fraud is “the biggest driver” of online financial crime in the UK. He said technology companies should do more to protect consumers. “Search engines and tech platforms must prevent their users from being exposed to fake sites, and swiftly remove the scam content that is reported to them.”

Hester Abrams, the international engagement manager at the industry collaboration Stop Scams UK, said: “Consumers will only be better protected from criminal outfits exploiting digital systems if businesses and governments make scam prevention a genuine priority. Investigations like this show just how much impact we could have against scammers with a better coordinated international effort.”

Additional reporting from Helen Davidson and Chi-hui Lin

OK! Magazine
Late Queen's cryptic nine-word reply to Harry when he asked to marry Meghan Markle
It's six years to the day that Prince Harry married Meghan Markle at Windsor Castle - in his memoir, Harry recalls the moment he asked his grandmother if he could marry Meghan
Sky News
Yvette Fielding says she was assaulted by Rolf Harris on Blue Peter and left alone with Jimmy Savile
Blue Peter's youngest ever presenter has claimed disgraced entertainer Rolf Harris sexually assaulted her when she was a teenage host of the children's show. Yvette Fielding, who joined the long-running BBC programme aged 18, told the Sun newspaper how the paedophile predator squeezed and patted her bottom after finding herself alone with him in a TV studio. The now 55-year-old also recalled an uncomfortable experience with "grotesque" Jimmy Savile, who was later revealed to be one of Britain's most prolific sex offenders.
OK! Magazine
King Charles and Queen Camilla could miss year's biggest wedding after brutal 'snub'
King Charles and Queen Camilla could be set to miss out on the Duke Of Westminster's lavish 'wedding of the year' next month after a snub from the Duke's family in 2004
OK! Magazine
Piers Morgan delivers devastating 14-word verdict on Fury v Usyk that will be tough reading for Tyson
TV star Piers Morgan has weighed in on last night's boxing action between Tyson Fury v Oleksandr Usyk - and the British fighter should look away now.
Hello!
Emily Andre shares adorable video of baby girl Arabella Rose from lavish family home
Emily Andre welcomed her third child with her husband, Peter Andre just weeks ago and shared an adorable new video of her precious bundle on Saturday. See video.
The Daily Beast
Prince Harry, Meghan Markle Push Back on Nigerian ‘Wanted Fugitive’ Claims
Akintunde Akinleye/ReutersMeghan and Harry counter ‘free flight’ claimsSources in Prince Harry and Meghan Markle’s camp have defended the couple after claims were made in the Daily Mail that they were flown around Nigeria for free “by an airline whose chairman is a fugitive wanted in the U.S.”The Mail said that the founder of Nigerian airline Air Peace, Dr. Allen Onyema, which provided the Sussexes with air transport during their tour of Nigeria, is wanted in the US, “facing multiple charges lin
OK! Magazine
Our Yorkshire Farm's Reuben Owen's huge fail as fans rushed in with support
Our Yorkshire Farm is the hit Channel 5 show that follows Amanda and Clive Owen and their nine children, and it's resulted in a spin-off show, featuring their eldest child, Reuben
The Telegraph
Remainers are incapable of admitting the truth about the EU, and Europe’s shift Right
Suppose that David Cameron had returned from Brussels in February 2016 with something tangible. Perhaps he had acquired the right to deny benefits to new EU immigrants. Or perhaps he had recovered control of fisheries policy. Or maybe Britain had opted out of the EU’s criminal justice system.
OK! Magazine
Britain's Got Talent fans 'figure out' time-travelling couple's magic trick
Britain's Got Talent viewers were left amazed over a magic and illusionist couple after they seemingly 'went into the future' but other fans have been quick to 'rumble' the trick
Birmingham Live
Prince William sent Harry a message with George picture and he 'took it to heart'
The Royal Family heir to the throne and Harry have a tumultuous relationship in the wake of the latter's exit from the royals alongside wife Meghan Markle.
OK! Magazine
King Charles' Trooping The Colour plans will 'have one major change' amid cancer battle
King Charles III is expected to take part in his official 75th birthday celebrations at next month's Trooping the Colour, but it will be without one big tradition
Hello!
Cheryl is a vision in sheer catsuit with feathered detailing
Cheryl was a vision in sparkly sheer bodysuit for Girls Aloud tour comeback at 3Arena, Dublin alongside bandmates Nadine Coyle, Kimberley Walsh, and Nicola Roberts
OK! Magazine
Rylan Clark sparks concern after missing Radio 2 show
Rylan was noticeably absent from his BBC Radio 2 show. Pal Scott Mills let fans know the real reason why Rylan was not able to present this week as he cited 'exhaustion'
The Telegraph
Anne Robinson confirms she is in relationship with Andrew Parker Bowles
As the so-called “Queen of Mean” and the former husband of the actual Queen, they have been at pains to keep their romance under wraps.
Leeds Live
BBC Morning Live’s Helen Skelton supported as she announces break from TV
Helen Skelton recently reunited with Strictly Come Dancing pro dancers
Hello!
Inside the 'brotherly' friendship between Prince William and Mike Tindall
Prince William and Mike Tindall no doubt have one close friendship, so take a look inside the bond shared between the duo
CNN
Opinion: What I noticed immediately about King Charles’ portrait
The response to King Charles III’s divisive official portrait focused largely its hellfire red hues, but Holly Thomas writes that what she noticed first wasn’t the color, but what it obscured.
CNN
Sports Illustrated celebrates 60 years of iconic swimsuit models
To mark the special issue’s 60th year in print, the magazine has unveiled seven new covers, reuniting past cover models for a “Legends” photo shoot.
Birmingham Live
Mike Tyson slams Jake Paul's body transformation ahead of boxing fight on Netflix
Mike Tyson will fight Jake Paul in a pay-per-view event in July and the boxing legend has mocked his rival's body transformation ahead of their bout
Birmingham Live
Prince Harry 'could have spent two nights' with King Charles in cancer battle but 'declined'
Prince Harry and King Charles, the head of the Royal Family, didn't see each other while the Duke was back in the UK this month to celebrate the 10th Anniversary of the Invictus Games.

‘It reeled me in …’

Latest stories