BogusBazaar Online Scam Targets Fashion Consumers

FIT Information Technology Information Security

Security researchers have uncovered an online criminal ring named BogusBazaar. This threat actor group has spun up a web of fake online stores, targeting fashionistas hungry for luxury brands at bargain-basement prices. Think “steal of the century” turned “identity theft in a click.” 

Here’s what’s happening in the scam
Victims are lured by deep discounts on luxury items (mainly shoes and accessories) and unknowingly enter their payment details on fake checkout pages. In some cases, victims might receive a cheap imitation instead of the coveted designer piece, but in most cases they receive nothing at all. Over 850,000 shoppers, primarily from the US and Western Europe, have fallen victim to BogusBazaar’s deceptive tactics.

Learn more about this scam
German cybersecurity firm Security Research Labs GmbH (SRLabs) has shared the complete list of BogusBazaar URLs and indicators of compromise (IoCs) with the authorities. Most of the shops have been shut down, but many are still in operation. Read more about it here.

Here’s how you can avoid BogusBazaar’s schemes (and similar website scams)

  • Use critical thinking when shopping online by always questioning deals that seem “too good to be true,” especially for luxury brands.
  • Scrutinize the website and look for known indicators (red flags):
    • items shown with the original price crossed out and a new price offering a discount of over 50%.
    • no customer reviews, poor reviews, or many reviews posted on the same day.
    • no return policy listed.
  • Stick to reputable retailers and shop from established, trustworthy websites with a proven track record.

Consumer education is an important effort to stop this type of online fraud!
Have you completed your FIT 2024 mandatory cybersecurity training? The training is 30 minutes long, and you can stop and start the training as many times as you need until it is completed. This training will help you learn ways to defend against scams like these. You have until Friday, May 24th to complete this training. Please log in at https://training.knowbe4.com/auth/saml/794c18510dc5e.

About Cybersafe

The Division of Information Technology is dedicated to protecting the FIT community from the latest cybersecurity threats by providing warnings and creating awareness through training and information-sharing. Visit fitnyc.edu/cybersafe for more information. And stay tuned for emails from [email protected] for the latest from the Cybersafe campaign at FIT.
