I have got a slightly unusual potential scam / phishing / ID and money theft or fake goods scam to report on today. Yesterday I received a message via our submission form about a lookalike site selling Bose products. The reporter was a bit concerned, saying “This site looks impressive but the price reductions are massive. Not at all what be expected from Bose or even for Bose products.” This intrigued me, so I have done a bit of digging around.
I have to say that it is a very well done scam site that will definitely fool many prospective purchasers. I don’t know where these scammers are spamming out the links, but they must be out there somewhere.
The link I was sent is https://boseoutlet.myshopify.com/password. This is obviously a Shopify shop. However, when you click on any link you end up on https://www.boseexclusive.com, which allegedly sells current and discontinued Bose products. The prices are absolutely unbelievable. Bose are a high-end brand and normally charge extremely high prices for their “exclusive” products. This alleged outlet is selling items for between 10% and 30% of the stated retail price. But if you look on any of the genuine Bose stores worldwide, you will see that the stated full retail price on this scam site is lower than on the genuine Bose sites.
All of this rings alarm bells, so we look a bit deeper. Bose has country-specific sites and domains and generally prohibits you from buying goods from a different country. So in the UK we cannot buy from the USA site, where prices are slightly lower on some goods. There are normally outlet stores on all Bose official sites where reconditioned goods are sold at a discount of between 10% and 20% from full price.
Now I cannot categorically state that this lookalike imitation of Bose is a definite scam or criminal enterprise. What I can state is that anybody considering buying from them should be aware of the extremely high likelihood that you will either get no products at all and have your identity, credit card details etc. stolen and used by criminals, or get a totally fake product, manufactured somewhere in China or another Far Eastern country that has lax manufacturing or copyright controls, that is potentially very dangerous.
These are a few screenshots from the site, taken while I was doing a test purchase with a fake ID and a test credit card number.
Start with the Shopify link
Next click any link to go to boseexclusive.com, which is probably embedding the Shopify back-end into the site
Next choose an item
And add to basket
Next come the credit card details, and this is where we find out that this is a Chinese scam or rip-off (or at least performed by Chinese-speaking entities)
We can see that the Chinese payment site is embedded in the fake Bose site via an iframe to https://www.yhpays.com/index.php/Payway/securepay
If you go to the home page of https://www.yhpays.com/ you see a sign-in for merchants or sub-accounts, all in Chinese. This company might well be a legitimate Chinese payment company, but I have doubts about how legal or legit it is.
This domain is behind Cloudflare and was only registered on 26 March 2019, allegedly by a Malaysian entity or person, so again this rings very loud warning bells. Any newly created company that takes credit cards is automatically suspect.
Domain Name: YHPAYS.COM
Registry Domain ID: 2373192996_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.webnic.cc
Registrar URL: http://www.webnic.cc
Updated Date: 2019-03-26T02:00:31Z
Creation Date: 2019-03-26T01:43:46Z
Registry Expiry Date: 2020-03-26T01:43:46Z
Registrar: Web Commerce Communications Limited dba WebNic.cc
Registrar IANA ID: 460
Registrar Abuse Contact Email: email@example.com
Registrar Abuse Contact Phone: +603.89966788
Domain Status: ok https://icann.org/epp#ok
Name Server: AIDEN.NS.CLOUDFLARE.COM
Name Server: MELISSA.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2019-05-14T05:10:25Z <<<
Queried whois.webnic.cc with “yhpays.com”…
Domain Name: yhpays.com
Registry Domain ID: 2373192996_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.webnic.cc
Registrar URL: webnic.cc
Updated Date: 2019-03-26T01:43:46Z
Creation Date: 2019-03-26T01:43:48Z
Registrar Registration Expiration Date: 2020-03-26T01:43:46Z
Registrar: WEBCC
Registrar IANA ID: 460
Registrar Abuse Contact Email: firstname.lastname@example.org
Registrar Abuse Contact Phone: +60.389966799
Domain Status: ok https://icann.org/epp#ok
Registry Registrant ID: Not Available From Registry
Registrant Name: Domain Admin
Registrant Organization: Whoisprotection.cc
Registrant Street: L4-E-2, Level 4, Enterprise 4, Technology Park Malaysia, Bukit Jalil
Registrant City: Kuala Lumpur
Registrant State/Province: Wilayah Persekutuan
Registrant Postal Code: 57000
Registrant Country: Malaysia
Registrant Phone: +60.389966788
Registrant Phone Ext:
Registrant Fax: +60.389966788
Registrant Fax Ext:
Registrant Email: email@example.com
Registry Admin ID: Not Available From Registry
Now let's look quickly at boseexclusive.com, where we see that this was also registered very recently, on 30 April 2019, with everything behind privacy protection but hosted by EGIHosting, who appear to be a joint USA / Chinese venture.
Domain Whois record
Queried whois.internic.net with “dom boseexclusive.com”…
Domain Name: BOSEEXCLUSIVE.COM
Registry Domain ID: 2385868082_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: http://www.namesilo.com
Updated Date: 2019-04-30T05:25:03Z
Creation Date: 2019-04-30T05:25:03Z
Registry Expiry Date: 2020-04-30T05:25:03Z
Registrar: NameSilo, LLC
Registrar IANA ID: 1479
Registrar Abuse Contact Email: firstname.lastname@example.org
Registrar Abuse Contact Phone: +1.4805240066
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.DNSOWL.COM
Name Server: NS2.DNSOWL.COM
Name Server: NS3.DNSOWL.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2019-05-13T13:27:43Z <<<
Queried whois.namesilo.com with “boseexclusive.com”…
Domain Name: boseexclusive.com
Registry Domain ID: 2385868082_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: https://www.namesilo.com/
Updated Date: 2019-05-12T07:00:00Z
Creation Date: 2019-04-29T07:00:00Z
Registrar Registration Expiration Date: 2020-04-29T07:00:00Z
Registrar: NameSilo, LLC
Registrar IANA ID: 1479
Registrar Abuse Contact Email: email@example.com
Registrar Abuse Contact Phone: +1.4805240066
Reseller: domain manage
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Domain Administrator
Registrant Organization: See PrivacyGuardian.org
Registrant Street: 1928 E. Highland Ave. Ste F104 PMB# 255
Registrant City: Phoenix
Registrant State/Province: AZ
Registrant Postal Code: 85016
Registrant Country: US
Registrant Phone: +1.3478717726
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: firstname.lastname@example.org
Registry Admin ID:
Network Whois record
Queried whois.arin.net with “n 126.96.36.199”…
NetRange: 188.8.131.52 - 184.108.40.206
CIDR: 220.127.116.11/15
NetName: EGN-23
NetHandle: NET-172-120-0-0-1
Parent: NET172 (NET-172-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS18779
Organization: EGIHosting (EGNL-1)
RegDate: 2015-06-23
Updated: 2015-06-23
Ref: https://rdap.arin.net/registry/ip/18.104.22.168
OrgName: EGIHosting
OrgId: EGNL-1
Address: 55 S. Market St.
Address: Suite 1616
City: San Jose
StateProv: CA
PostalCode: 95113
Country: US
RegDate: 2007-07-23
Updated: 2018-04-11
Comment: http://egihosting.com
Ref: https://rdap.arin.net/registry/entity/EGNL-1
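The registration-age and privacy-proxy checks made by hand above can be run directly over WHOIS text. The Python below is an added example, not part of the original post: it parses abridged copies of the two domain records and measures each domain's age at the record's own "Last update of whois database" time. The 90-day threshold, the flag names and the function names are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed input: fields abridged from the WHOIS records quoted in the post.
SAMPLES = {
    "yhpays.com": """Domain Name: YHPAYS.COM
Creation Date: 2019-03-26T01:43:46Z
Name Server: AIDEN.NS.CLOUDFLARE.COM
Name Server: MELISSA.NS.CLOUDFLARE.COM
Registrant Organization: Whoisprotection.cc
>>> Last update of whois database: 2019-05-14T05:10:25Z <<<""",
    "boseexclusive.com": """Domain Name: BOSEEXCLUSIVE.COM
Creation Date: 2019-04-30T05:25:03Z
Registrant Organization: See PrivacyGuardian.org
>>> Last update of whois database: 2019-05-13T13:27:43Z <<<""",
}

FIELD = re.compile(r"^([A-Za-z][A-Za-z /]*):[ \t]*(.*)$", re.M)
QUERIED = re.compile(r"Last update of whois database:\s*(\S+)")
PRIVACY_HINTS = ("whoisprotection", "privacyguardian")  # proxies named in the post
MAX_AGE_DAYS = 90  # assumed cut-off for "newly registered"

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_whois(text):
    """Collect WHOIS fields into {name: [values]}; fields like Name Server repeat."""
    rec = {}
    for key, value in FIELD.findall(text):
        rec.setdefault(key.strip().lower(), []).append(value.strip())
    return rec

def assess(text):
    """Return (age in days at lookup time, sorted list of triage flags)."""
    rec = parse_whois(text)
    created = parse_ts(rec["creation date"][0])
    age = (parse_ts(QUERIED.search(text).group(1)) - created).days
    org = " ".join(rec.get("registrant organization", [])).lower()
    servers = [ns.lower() for ns in rec.get("name server", [])]
    checks = {
        "newly-registered": age < MAX_AGE_DAYS,
        "privacy-proxy": any(hint in org for hint in PRIVACY_HINTS),
        "cdn-fronted": any(ns.endswith(".cloudflare.com") for ns in servers),
    }
    return age, sorted(name for name, hit in checks.items() if hit)

if __name__ == "__main__":
    for domain, text in SAMPLES.items():
        print(domain, *assess(text))
```

Each flag is a triage signal to weigh alongside the pricing and payment-page evidence, not proof of fraud on its own.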