BogusBazaar Online Retail Scam, $10m for LockBitSup’s Name, Storm-0539 Gift Card Phishing

The Daily Decrypt

BogusBazaar Online Retail Scam, $10m for LockBitSup's Name, Storm-0539 Gift Card Phishing

00:00 /

In today’s episode, a massive fraud ring operating as ‘BogusBazaar’ managed to deceive over 850,000 people in the US and Europe, stealing credit card information through over 22,500 fake webshops. Meanwhile, the FBI has issued warnings about the financially motivated hacking group Storm-0539 targeting retail companies through sophisticated phishing attacks, aimed at stealing employees’ login credentials to generate fraudulent gift cards. Also, the US Department of Justice charged Russian national Dmitry Yuryevich Khoroshev as the alleged leader of the LockBit ransomware group, involved in extorting at least $100 million from over 2,000 victims worldwide. Original URLs for further reference: https://www.bleepingcomputer.com/news/security/massive-webshop-fraud-ring-steals-credit-cards-from-850-000-people/, https://www.bleepingcomputer.com/news/security/fbi-warns-of-gift-card-fraud-ring-targeting-retail-companies/, https://krebsonsecurity.com/2024/05/u-s-charges-russian-man-as-boss-of-lockbit-ransomware-group/

tags: BogusBazaar, online shops, consumers, webshop fraud

search phrases:

online shop scams
protect from webshop fraud
verify online shops legitimacy
avoiding credit card theft
Storm-0539 hacker group
phishing attacks prevention
fraudulent gift cards warning
defending against hacking group Storm-0539
Dmitry Yuryevich Khoroshev charges
LockBit ransomware impact

May9

A sprawling network of over 75, 000 fake online shops called Bogus Bazaar has scammed over 850, 000 victims in the U. S. and Europe, resulting in the theft of credit card information and the attempted processing of over 50 million in fake orders.

How can you, as a consumer, protect yourself against these fake online shops?

Retail companies in the United States are being targeted by the financially motivated hacker group Storm0539,

who is using advanced social engineering and phishing tactics to infiltrate gift card departments in order to create fraudulent gift cards.

It’s a tale as old as time, but how can you protect yourself against these social engineering attacks?

And finally, the FBI wasn’t bluffing with WHOISLOCKBITSUP, dimitri Korochev has been charged as the boss of the LockBit ransomware group, extorting over 100 million in ransom from over 2, 000 victims, including small businesses, hospitals, and government agencies.

You’re listening to The Daily Decrypt.

Alright, I don’t know about you, but it seems like I can’t scroll on any social media for more than two minutes without getting bombarded by ads for online retailers.

And a lot of the products they sell look great and are like specifically targeted towards me and I catch myself clicking on them quite often.

And the sites that I get redirected to look pretty good. If it was five to 10 years ago, I would definitely be buying these products from these sites. But now the internet is flooded with these fake scam sites with products that don’t even exist

that are just trying to get a hold of your credit card information.

As a matter of fact, there’s a network of over 75,000 fake online shops named Bogus Bazaar that has scammed over 850,000 individuals.

These individuals were just like me, except they went through with these purchases.

Which resulted in them losing their credit card information,

as well as placing orders in total of over 50 million dollars.

Now, the stolen credit card credentials were sold on the dark web, which enables other threat actors to conduct unauthorized online purchases with the compromised card numbers. Now, if you catch it in time, your credit card company will reimburse you, but that does take a lot of monitoring and maybe they’re gonna charge you for a dollar or two dollars and you might not even notice, but across enough credit cards, they’re gonna get their money’s worth.

And after looking at the geography area of the victims, which is primarily the United States and Western Europe, with very few victims in China, it leads one to believe that China’s probably behind this. But that is not confirmed as of now. Bogus Bazaar has been reduced now to about 22, 500 active sites, down from 75, 000, and offers products like shoes and clothing at significantly low prices to lure you in. The payment pages on these fake sites either collect victim’s payment and personal information, or conduct fraudulent transactions via platforms like PayPal, Stripe, and other credit card payment places.

The criminal group behind the Bogus Bazaar is structured with distinct teams fulfilling specific roles under an infrastructure as a service model with a core team managing infrastructure and network of franchises running the fraudulent shops. It’s also been identified that this group develops custom WooCommerce WordPress plugins to facilitate the data and money theft.

And so just as a reminder, be really careful when you’re downloading plugins to WordPress because WooCommerce is a very popular plugin. If you search for how to start a store on WordPress, it’s the first plugin that comes in. So if you then go to the WordPress store and type in WooCommerce, you’re going to be met with a lot of results.

Sometimes the top one is the official one, sometimes it’s not. And the interesting thing about this group is it’s

acquiring domain names that have a good reputation on Google, but have been deactivated or are pretty old. And so, but bringing them back is much easier because they have thousands of reviews. They have a lot of traffic in the past, et cetera. So you can’t always trust those things either.

The best defense against this is not rushing and not acting with a sense of urgency.

Take some time and poke around each website that you might come across and really use your detective nose to see if something smells fishy.

Another thing you will notice about these sites, which is not a telltale sign, but these sites are hosted in the United States behind Cloudflare authentication. So if you’ve seen that little checkbox, when you go to a store that says, confirm you’re human,

any site can put that on there. on their site. And it’s, it’s generally used

for good to prevent spam and

other sorts of attacks against websites, but it can be used maliciously from the owner of the website to help you feel like a little more secure when you navigate to that website. Like, oh, only an official website, like a legitimate website, a non malicious website would use Cloudflare and some sort of identity verification mechanism, right?

No,

the FBI. Advises consumers to check contact information on websites, check the return policy, look for trust seals, look for certificates. Um, you’re going to notice degraded web content quality, uh, see if they have social media presence and use Google search around for the better business bureau or anything like that to try to confirm that the site you’re buying from is legitimate.

I will also mention that using credit cards is a very good idea because the banks are responsible for the fraudulent transactions as opposed to you, which is the case in debit cards usually. You can get your money back when you use a debit card, but it’s a way bigger pain in the butt.

If you are the type of person who doesn’t have a credit card and only has a debit card and you still shop online, I highly recommend using Checking out the website privacy. com, you give them your debit card, and they create credit card numbers for you. You can set spending limits on these credit cards, and you can cancel them at any time.

There is a free tier that gives you 12 new credit card numbers per month, which can go pretty far. I haven’t had, I haven’t run into a limit yet with that. And it’ll just help compartmentalize your credit cards. your bank accounts so

a similar note, the FBI is warning U. S. retail companies of Storm 0539 Hacking Group targeting gift card departments through quote, sophisticated phishing attacks since January of 2024.

And this attacking group isn’t using any techniques that we haven’t heard of before. It’s bypassing multi factor authentication to target personal and work devices of retail department staff with the aim of stealing login credentials, SSH passwords, and other cryptographic keys.

So basically, they’re just using normal tactics to infiltrate a network, which happens to be the network of a gift card company or a gift card department.

And then they’re going to use similar tactics for lateral movement until they can get to the part where gift cards are registered. And they’re going to go look for unclaimed gift cards and just change email addresses so that those gift cards now belong to them.

The FBI is urging retail companies to update incident response plans, train employees to recognize phishing scams, implement multi factor authentication, and strong password policies,

which are always good tips to follow.

But training employees to recognize phishing scams, emails, calls, etc. is a lot easier said than done. So as an employee, it’s Always look at everything with a skeptical eye, especially someone who’s calling in. How can you verify that what they’re asking is what they’re actually looking for? If you assume that most calls you get are scams, you’re less likely to fall for them. But finding the line between being helpful and being skeptical is an art. But until you master that art, lean on the skeptical side.

And finally, after the FBI

revitalized the LockBit website with teasers of new blog posts identifying members of the LockBit ransomware group on Monday,

for a second time in a few months, because the first time they did it, it was a bluff, well, this time they actually had some information, and the US, UK, and Australia have sanctioned Dmitry Koroshev, Russian national, as the alleged leader of the ransomware group LockBit. The U. S.

Department of Justice has indicted him for attacking over 2, 000 victims and extorting at least 100 million in ransom payments.

Korochev, who’s currently residing in Russia, is accused of being the developer and administrator of LockBit. Since September of 2019, receiving a 20 percent share of each ransom payment extorted from victims, totaling at least 500 million in ransom payments.

The lock bits unmasking by authorities has led to the seizure of the Darknet websites operated by the group, and ultimately resulted decryption tools to help victims recover their systems.

But even though The FBI has identified LockBitSup as Koroshev. The user is denying that tie.

Claiming that the FBI is mistaken and is actually offering a 10 million bounty for anyone who can reveal their real name.

So if that sounds enticing to you, if you think you can find out his real name and that it’s not Koroshev, there might be 10 million in it for you. Alternatively, the FBI is offering $10 million for information leading to this, this individual’s arrest. So you could take this one of two ways and maybe even cash in on $20 million.

But if you have been under attack by lock pit, or are currently under attack by the lock pit ransomware group, the FBI urges you to contact them

because it might be possible to decrypt your assets and rid your systems of this ransomware without having to pay the ransom.