Mobile E-commerce Scam: BogusBazaar steals data, millions in fake purchases
HOUSTON - A new report finds hundreds of thousands of consumers who made online purchases should not expect to get their merchandise. As mobile e-commerce continues to grow, especially on social media platforms, a collection of so-called 'retailers' were likely trying to collect valuable personal information as they sold things that never existed.
Houston tech-expert Juan Guevara Torres says there is a hungry demand in the internet's dark corners for personal information that can exploit your reputation and finances.
SUGGESTED: Trial for final wrongful death suit in Astroworld concert crowd crush is set for September
"It's potential for a phishing attack that is trying to retrieve your personal information to sell it to the dark web," he says. "None of that is surprising."
The German cybersecurity firm, Security Research Labs, documents the actions of an operation, dubbed BogusBazaar, that tricked more than 850,000 people in the U.S. and Europe into making purchases that allowed the group to steal credit card information and attempt to process an estimated $50 million in fake orders.
We're told the BogusBazaar is likely based in China, where scammers created 75,000 different websites, often using dormant, but previously legitimate names. On them, they'd advertise items for sale with a big discount that would make consumers think they were getting a deal and entice them to whip out their credit card and provide the 'real' product in this transaction.
A recent study found the average price for a stolen credit card's information is just over $17. Guevara Torres says that should give us pause.
"Unless the platform that you're using is a well-known platform, a retail store that has an online front or (something like) Amazon, I would refrain from using any of these sites unless there is a clear due-diligence from you, the user," he says.
That last part means 'buyer-beware', and taking steps to limit your exposure to what potential scammers can get from you.
"There are people working 24-7 trying to get your personal information, and they're experts," warns Guevara Torres.
While not fool-proof, there are some things that can help identify these fake sites:
- Look for contact information, especially a phone number.
- What's the return policy and customer service?
- Is it more than a superficial website with just a single page that only has an option to buy something?
- Check independent reviews that can give you a real idea whether someone else has already fallen victim.