Uncovering network of Chinese fraudsters who launched one of the world’s ‘biggest online scams’, victimizing 800,000 people from Europe and the US who gave up card details and personal details, advertising fake shops with supposed branded goods, who were supposed to sell products at deep discounts. In fact, the data shows, the scammers didn’t necessarily want the money, as the websites declined many transactions, but gained access to their victims’ personal data, which could prove valuable for foreign intelligence purposes. As it turned out, up to 272,000 British service workers may have been victims of a data breach.

The group called ‘BogusBazaar’ is believed to have managed to extort millions of dollars through 75,000 websites. By now, most have been shut down, but researchers estimate that more than 22,500 websites are still operating and defrauding shoppers looking to buy online.

The UK’s trading standards body is calling it one of the biggest scams of its kind, with fraudsters creating more than 75,000 websites emblazoned with the logos of high-end brands from Nike to UNIQLO and Paul Smith to Cartier, who claim to sell products at low prices.

The English versions of the websites also had copy in various European languages, including French, German, Spanish and Italian, intended to deceive unsuspecting buyers.

SR Labs, a German cybersecurity consultancy that discovered the scam, says a group of developers appears to have created a system to rapidly create and deploy websites, dramatically increasing their reach.

The Chinese group, dubbed ‘BogusBazaar’ by SR Labs, is believed to have defrauded its victims out of millions of euros, dollars and pounds since launching its first websites in 2015.

According to estimates, around 476,000 people are believed to have shared their debit and credit card details, including their three-digit security number.

In many cases the scammers were not looking for money. Often, customers were told when they completed the payment that their bank or website had declined the request. While the money may have remained in their accounts, their personal details – including name, address, credit card number and three-digit security code – were all in the hands of the fraudsters.

“Data is the new currency,” Jake Moore, global cyber security consultant at software firm ESET, told the Guardian, adding that we should assume the Chinese government has potential access to the data.

A similar statement was made by the British Minister of Defense, Grant Shapps, who noted a “malignant factor”, but did not confirm the reports about China.

Small developer team and wider management team SR Labs consultant Matthias Marx explained how a small team of developers appears to have created a system that can partially automate the creation and publishing of new versions of cheat pages , helping the team expand its operations rapidly. A larger team is then recruited to oversee and manage the sites, in a franchise fashion.

The core team develops the software and supports the operation of the network, while the franchisees “manage the day-to-day operations of the fraud stores.” SR Labs chose to share the results of its research with the German newspaper Die Zeit, which then partnered with the Guardian and France’s Le Monde.

They offered clothes, children’s toys, household goods and auto parts

According to the research, the Chinese developers used a wide variety in the brands and tricks they used to build the cheat. On the one hand, they used ostensibly big haute couture companies like Christian Dior, but also favorite British brands like Clarks shoes and sites aimed at those who preferred the work of individual designers.

The products they had to sell were not limited to fashion. Websites were found claiming to sell everything from children’s toys to home appliances and garden furniture to car parts.

The websites had nothing to do with the brands they claimed to have for sale. Consumers stated in the survey that they never received the items they thought they had purchased. But the sites managed to trick buyers into sharing their information.