Our story begins with a search on Google, which serves up an official-looking website belonging to a major bike brand. Maybe the site has a hard-to-find part. Maybe the site has hard-to-believe prices. Maybe it’s representing itself as a brand outlet store, and it looks legit enough: the right logos in the right places, the right spec lists and model names.
So maybe you take the plunge, tap in your credit card number, hit submit and waiting for a delivery.
You’ll be waiting a while, because this is not a real website selling real goods. It’s not even selling counterfeits. Its currency is misplaced trust, and what you’ll get in return is credit card theft. It’s a sophisticated scam operating across numerous brands in the cycling industry and beyond, across thousands of websites, and likely many more victims. For investigators and brand protection staffers, it’s a huge problem – and it’s getting worse.
Let me introduce you to exhibit A: a website, since deleted, called bike-specialized.com. It sounds like it might be a Specialized property. It looks (a bit) like Specialized. And, until it was taken down, the website convinced numerous people that there might be actual Specialized products they wanted to buy from there.
Paul (not his real name) was one of them. Alerted to bike-specialized.com by a friend who’d stumbled across it Googling for a particular tyre, things looked legit enough. “The tyres were priced at $35-$40, if I recall. So not totally unrealistic as a sale price,” Paul told me. “But then the bike prices were like … woah, this is a scam.” Alongside the modestly discounted bottle cages and CO2 canisters was an inventory of high-end road and cyclocross bikes – models like the Tarmac, the Aethos, the Crux – at comically low prices.
Still, a morbid curiosity drew him further in. Paul knew that he wouldn’t be receiving an “S-Works Tarmac SL7 Dura Ace Di2” (RRP US$14,250 / AU$20,400) for $95.99, but he wondered what the scam would be. Would he receive anything at all? Would he get an emailed invoice telling him that an impossibly priced superbike was held up in customs, released only with further payment? Using a burner card number via privacy.com, Paul completed his transaction. The waiting game began.
There’s a naivety to it, maybe, but it’s one that I can relate to. It’s the same impulse that drives people to read and reply to spam emails, to string along dodgy telemarketers, to see where the rabbit hole ends.
When the site came onto my radar, it was pretty clear that it was a front for something suspect, but it wasn’t clear what, exactly. I thought of the RouteWerks handlebar bag – a product I’d written about previously, which had been the target of cunning imitators who’d ship consumers a cheap copy that made it impossible to dispute the transaction with banks and PayPal. I thought of money being whisked from one account to another, and wondered whether it would be possible to get to the bottom of that journey.
So I started looking around the website for clues: addresses, photos, quirks. Someone was behind this, and now, someone was looking for them.
The ‘contact’ page on bike-specialized.com had a New York City address (allegedly), but Google Maps was drawing a blank on a Godfrey Road. That was a pretty ominous sign, but because I am A Proper Journalist With A Thirst For Funny Google Detritus, I scoured the postcode – the prestigious West Village – for a cut-price Specialized dealer.
There were fancy bakeries, a dog park, the Hudson River glistening to the west, the apartment building from Friends1 and Sex and the City protagonist Carrie Bradshaw’s building2.
1 4.4 stars, sample review that sounds like a living nightmare: “Others around us that were there for the same reason could be heard singing the theme song or saying the most known quotes from the series such as ‘PIVOT'”.
2 Also 4.4 stars, has a chain across the steps and a donation box for photos, which seems a bit opportunistic to me.
There was no bike shop that I could find, but ever the optimist, that didn’t mean it was case-closed. Maybe it was an oversight; mistakes happen, even if you’re (pretending to be) the discount branch of the world’s most influential bike company. Unfortunately an attempt to connect with bike-specialized on a human level went unanswered:
If that wasn’t enough to send me – a total Charlotte – spiralling, there were bigger regrets. Like the fact that I never got around to biting the bullet on the $93.99 Specialized Crux in my shopping cart before, one day, the website suddenly got taken down:
Meanwhile, Paul had been waiting for a couple of weeks for a Tarmac that firstly, probably never existed, and secondly, would never arrive. But because he’d used a burner card set up to make that one transaction and one transaction only, he had a few extra clues for me to mull over.
First things first, the money had come out of his account, with the merchant listed as ‘Bestduka.com Discount’. Other charges had been attempted, too: for the delivery service DoorDash, and for the Australian streaming service, Stan.com.au.
Luckily for Paul, the precautions he’d taken meant the transactions had bounced. But, as a search for ‘Bestduka.com’ revealed, many dozens of other consumers haven’t been so lucky – and it was a bigger issue than just bikes. Bestduka had been the name appearing on bank statements for fraudulent purchases of coffee tables, pet healthcare, “toilet accessories”, and discount sneakers, along with DT Swiss and Giant Bicycles.
The modus operandi always seemed to be the same: an official-looking website with an official-sounding URL used as a trap for unsuspecting consumers. Sometimes the victim’s bank had picked up and blocked the transaction, but sometimes they were hit with charge after charge – from small amounts all the way up to US$8,700 in online furniture purchases.
Bestduka – whatever and whoever that even was – had been doing a lot of business, and leaving a substantial trail in its wake.
So where did the trail begin?
Into the web
For at least some of the jilted consumers over at web-security review site Trustpilot.com, the answer pointed in one surprising direction.
Julia, shopping for cat vitamins and being caught by a “10000% SCAM!!”, traced her transactions back to Tanzania. JaySea, a shopper with an unquenched thirst for Disney merch, was even more specific: the east African country’s largest city, Dar es Salaam. Paul and Russ (hunting designer baby clothing and ‘contemporary taps’ respectively) arrived at the same conclusion. Amazingly, even after figuring this out, Russ got scammed again by someone calling from a ‘bank’ asking for one-time passcodes to hack his account. Of the multiple Tanzanian fraudsters identified on TrustPilot, some were listed as ‘Bestduka discount store’, and sometimes as ‘Bestduka fashion store’.
A bit of Google Maps sleuthing unearthed a Tanzanian Bestduka in a small town sprawl in the country’s northeast:
… but the details didn’t check out, looking more like a single-story general store than a den of online villainy [‘duka’, translated from Swahili, simply means ‘store’].
Nothing showed up in Dar es Salaam, a thousand kilometres away on the coast – until a separate trust aggregator pointed the finger at an emporium specialising in “products like Women’s Double Breasted Belted Rain Jacket With Removable Hood, Floor Length Off Shoulder Wedding Dress Soft Satin Sheath Short Sleeves Bridal Gowns”.
That certainly sounded like a better match for ‘Bestduka fashion store’ – albeit not fashion that was particularly friendly to an east African climate. Could the business address, located in the eight-level Elia Complex on the fringe of the CBD, be the hub of a major scam network?
A lot of people on the internet seemed to think so, including some guy on Scamwatcher.com who thought he was buying pet supplements from Alabama. “It’s an African SCAM! Please Stay Away!!!,” he implored, attaching a screenshot from the transaction to the Scamwatcher report as proof that it had “redirected to a weird page and showed my order number which is already absolutely scamming [sic] looking”).
It was, indeed, absolutely scamming looking. But something didn’t add up. The transaction had been processed through ‘quanyuwenlv.com’, a barebones website selling ‘daily necessities’ and ‘medical supplies’ such as medical masks. And rather than distant Dar es Salaam, the address given was a lot closer to home.
In fact, I knew it pretty well: it’s the same street my aunt lives on, in the inner Melbourne suburb of Brunswick.
Calling in the experts
By this point I was beginning to lose my mind, having spent far too much time staring at screens looking for clues. It was time to call on someone that was simultaneously representing a victim of the scammers, and was a specialist in fighting them: Specialized’s Global Brand Protection Manager, Andrew Love.
Love, who has been at Specialized for 15 years, has seen the gamut of fraud and scams in the cycling industry. Over that time, he’s invested countless hours following counterfeit goods back to their source, trying to limit reputational risk for his employer and physical risk for consumers. “With the counterfeits it’s really simple, it’s really easy to quantify … you buy a counterfeit cycling helmet, you could die – and people do die. And we’ve talked to many people who’ve been seriously hurt by this, and that’s really easy to understand,” Love told me over Zoom, his background a tongue-in-cheek Matrix-esque string of green code on black.
Scam websites have been around throughout Love’s career too, but there’s been a shift – both in professionalism and quantity. In the early days of his career, Love says that he’d average 10 to 15 site takedowns a year – “but they were almost always kind of amateurish … they weren’t terribly professional, but they were catching people.”
That changed around July 2022. “We started seeing the first of these [more-sophisticated] scammers,” Love says. “One or two of them have appeared a week, and we’ve been machine-gunning them down as they come in. They’re very sophisticated; they look good,” he says. “About half of them I find; the other half our staff or our riders find, and I get people writing in to me and saying ‘oh crap, I think I’ve gotten scammed … is this real?’”
This is a cage fight.
Andrew Love, Specialized
At the time of setting up our call, I’d thought that bike-specialized.com was a one-off. In an email setting up our meeting, Love told me that another six had just popped up, enclosing links to a couple. “This is a cage fight,” he wrote. Sure enough, there they were – following the exact same template as bike-specialized.com.
There was riding-store.com (now deleted), selling a generous spread of products from an address in Edison, New Jersey.
Fortunately, unlike with bike-specialized.com, this address actually exists. Unfortunately for those in the market for a cut-price S-Works Aethos, it is a Costco.
Then there was thebikeplus.com (also since deleted), set in the high-tech surrounds of Palo Alto, California. Was Specialized shipping out bikes from the offices of a not-for-profit software company “bridging the social sector and Silicon Valley”? It seemed unlikely, but still, I had to ask the question:
From the scammer’s perspective, there’s likely some crude mathematics going on. You build something legitimate enough, and some sceptics might believe it. Give a fake business a real address, and hope that people don’t look it up on Street View. Pitch the prices of some rare-enough products in the right ballpark, and people might overlook the red flags. Leave some high-end bikes for less than a hundred bucks, and you’ll catch some people that are willing to take a swing, against their better judgment.
It’s a leaky net, but it’ll catch some fish. Multiply it by hundreds of websites and you’ve got a solid little earner.
Most importantly, it’s not a dumb scam. While some of the people that are caught out by it are gullible or turning an optimistically blind eye to something that’s too good to be true, it’s built to deceive, and it mostly does a pretty good job of that. “If you got together you, me, and four or five of our really smart cycling friends and we were gonna design a scam, we would absolutely do this, right? These are very bright people,” Love told me.
“I hunt people online for a living and I’m a huge believer in privacy protection laws – it’s absolutely essential – but the internet right now allows certain types of crime to be anonymous. There’s just no getting around it.”
Andrew Love, Specialized
There are layers to it, too. There’s harm done to the business that’s being imitated – some brands that I spoke to off-record said they had to field aggrieved consumers for fake products they never sold. There’s a first hit to the consumer in the initial transaction. Then there are any further charges. There are risks, too, of identity theft – names, email addresses, physical addresses, bank account details, and phone numbers are all entered at the point of sale, which nefarious actors can then use or sell on.
That’s Love’s theory: “If these are like other ID-theft people and you do get scammed by these organizations, not only do you lose your money, you get a nice case of ID theft because they can sell that information that they found, right?” Those extra charges reported by impacted individuals – the streaming subscriptions, the flight tickets and furniture – might not even be from the people behind the scam websites. “Because these are bright people, they’re probably not the ones actually doing it,” Love says. “They probably sold it on the dark web.”
When you multiply the theft and victimhood from a single transaction by the number of sites out there, the challenge – and threat – appears nearly insurmountable.
Specialized is one of the most active in combating this new challenge of the digital age, but as Love shows me in a spreadsheet, the number of brands that are being attacked in this way is significant. He runs me through a tab, just one of many, representing cycling industry brands: “100%, Mavic, Specialized … Shimano parts, FSA, 100% again, Syncros, several Fox ones, GoreWear, Pearl Izumi, Topeak, MAAP, POC … all using the same template.” “Woah,” I say. Love nods.
It’s not just a case of one group of scammers copying another group of scammers, either – “I’ve done organised crime stuff for a long time, dude, and I’ll tell you as a professional having done this for 15 years, this is one group. No question.
“There was a search I ran recently that came up with 2,100 websites off the same template. 2,100!” Love pauses for emphasis. “From every industry. It’s nuts. So how do we stop that? And again, this is all in the past couple of months – this is pretty new.”
Faced with this burgeoning threat, brands tend to take one of two pathways. For some brands – Specialized included – this kind of online impersonation is seen as something worth fighting. For others, it falls into a grey area where there isn’t a tangible enough benefit to warrant a response.
Global titans of the cycling industry Giant and Shimano seem to fall into this latter category (both companies were contacted for this story, but chose not to comment specifically; Shimano Australia pointed to ACCC Scamwatch guidelines on how not to get caught out). Perhaps it all sits on a kind of bell curve – the smallest brands aren’t worth the scammers’ time, and the biggest brands may see it more as an annoyance than an existential threat. Or perhaps it can be explained by cultural differences, with American brands more likely to aggressively defend their IP than their Asian counterparts.
For brands caught in the middle, there are some technological solutions that are evolving.
Melbourne-based apparel company MAAP has grown over the past decade into one of the biggest brands in cycling kit. With that growth and prestige the company has been forced into familiarity with the ways that bad actors prey on the brand. It’s a spectrum that ranges from IP theft – jersey designs copied and pasted onto baggy AliExpress knock-offs – all the way through to scam websites, including some within the ‘Bestduka’ network. The fake website ‘maapsale.store’ is one such example, using the same template as the Specialized scammers.
Do a search of a phrase from fake-MAAP’s ‘About Us’ page – “We have an entire team based in our corporate office in Montgomery, Alabama, that is dedicated to our customers and customers’ experiences!”, for example – and you’ll find another 400 webstores from practically every industry, all copied and pasted with the pictures and products changed as required. Model cars, jewellery, rugs, ‘moderate price self defense weapons’, cat litter … all waiting to trick people into handing over their credit card details. Another key phrase from a different fake outlet store returns a colossal 3,500 results – this is not a small problem.
Like their counterparts at Specialized, the team at MAAP are engaging with the surge of these websites to protect their own identity, and those of their “legitimate wholesale customers”, who are also targeted. The company conceptualises the issue as a two-pronged attack; on brand reputation, and on consumer trust.
“MAAP is actively taking steps to combat scam websites posing as the brand, such as monitoring the web for illegitimate marketplaces, hiring IP and cybersecurity experts, and investing in secure e-commerce and data storage platforms,” MAAP’s VP of Operations, Mitch Wells, told Escape Collective.
A key phrase search from one website returns more than 3,500 results. This is not a small problem.
For some companies dealing with this issue, there are third-party solutions in the toolbox – offerings from the likes of RedPoints, the world’s “fastest-growing Revenue Recovery company”, or Smart Protection, a brand/product/content protection company which claims to “successfully remove 95%+ of the threats detected.” (Neither company responded to several requests for comment). There’s a degree of technological efficiency to these solutions that transcends the crude ‘whack-a-mole’ of manual website takedowns; in the case of Smart Protection, it’s even AI-augmented.
But it’s not free. According to a case study featuring the eyewear brand 100%, more than US$48.5 million in fake product has been removed by RedPoints – supposedly a 14.3x return on investment, which with some back-of-the-napkin maths puts 100%’s spend at more than US$3.3 million in the 20 months they’ve been using the service. That’s a lot of oversized sunglasses and goggles to be slung around Peter Sagan’s neck. (Escape Collective contacted 100% for comment, but did not receive a response prior to publication.)
Another tool in the battle against counterfeit goods and IP infringement can come from a collective response, via the advocacy of a body like the World Federation of the Sporting Goods Industry (WFSGI), which represents the interests of member brands and is an intermediary between them and sporting bodies like the UCI and IOC, governments, and the World Trade Organisation.
“For over 10 years we have been trying to collaborate with experts who can identify through the world wide web the misuse of names, shapes, products, model names …” WFSGI CEO Robbert de Kock told me. “It starts most of the time on the same level – sometimes there are fake products behind it, sometimes there are scams behind it.” A veteran of the sporting goods industry and a former professional athlete, De Kock has navigated these issues from various perspectives, and at the WFSGI has helped expand the industry’s toolbox to fight against threats to its business.
But as fast as the industry response can evolve, De Kock lamented, “these are criminals working behind the scenes, and when criminals are involved they will always try to be a step ahead.” And if you do catch up with them, what next? “Which government am I going to write to? Where are the borders on the web?,” De Kock asked me, hypothetically.
The solution for the WFSGI is trademark and brand protection services via the third party provider Corsearch, which operates in the same space as RedPoints and Smart Protection – “not just the identifying of [threats], but the takedown,” De Kock says. But this is an opt-in above the base WFSGI membership rate, and there is a spectrum of how brands value the need for it. “Our membership fees are so low that they cover our yearly operations, but they do not cover additional operations,” De Kock told me. “We may be responsible for certain things, but not for how they run their business.”
The response at a brand level can vary dramatically, ranging from highly pro-active to largely-disengaged, with brands from litigation-friendly America seemingly leading the charge. Around 10 years ago, Specialized made the business decision to invest in a dedicated in-house team, with a role initially created by Andrew Love soon expanding to a full team that he heads, on the basis that his work indirectly contributes to a better product or brand experience, even if it’s not always quantifiable.
For smaller brands, like MAAP, the impact on the brand’s bottom line is more acutely felt. “The cost of these measures is a burden for independent brands in the cycling industry facing competition from larger brands and increased production and logistics costs,” Wells told me. “In spite of the financial strain, MAAP is determined to take action to protect its customers, data safety, and the elevated MAAP brand experience.”
Perhaps MAAP and the dozens of other cycling brands that have fallen victim to the scam ring can take some cold comfort in the fact that their products are desirable enough that people are looking for them.
“There’s only one thing worse than criminals coming after you with counterfeits and scams and fraud,” Love tells me with the ghost of a smile on his face. “Criminals just not caring, because you suck.”
To catch a scammer
So how do you find those criminals? That’s easier said than done. Spend enough time down the rabbit hole of DNS lookups and whois.com searches and you might think you’re getting close, but maybe you’re not at all. In my search for a network of scam website operators, I thought I’d narrowed it down to a specific commercial building in Dar Es Salaam. The next clue led me to Brunswick, in inner-Melbourne.
Had I cracked the case?
Apparently not, because the address on quanyuwenlv.com wasn’t occupied by an online medical goods warehouse. It wasn’t a retailer at all. It was a “premium accounting and business advisory services” provider in a modern first-floor office with a confused but helpful receptionist who’d never heard of quanyuwenlv, or its English-language trading name, AusKingMall, or the registered business name Anping Techcon Ltd. “I’m sorry,” she told me, kinda nonplussed. “That doesn’t seem right. We’ve been here a while.”
Walking away from the encounter, I didn’t know what I was expecting. Specialized weren’t selling $90 Tarmacs out of New York’s West Village any more than they were out of a Costco in New Jersey. There weren’t 400 webstores in just about every feasible industry based out of Montgomery, Alabama. There were just lies stacked on top of lies, over and over again, and I felt downright naïve to think that I’d find the answer this close to home, above a kebab shop and a gelateria in Brunswick.
When I checked the quanyuwenlv website a few weeks later, it was gone, along with details for a premises it had apparently never occupied in Melbourne, and an address in Dalian, in the north east of China. The listed phone number was ‘switched off or out of service’; my emails didn’t get returned, and in mid-April, the business had been deregistered in Australia.
With the payment gateway gone, there were only hints of how many transactions this website had processed in its lifespan. Some clues in a web safety aggregator estimated that over 300 sites had linked to it, and a Reddit thread suggested that the Chinese payment provider N99Pay was taking a clip on the way through.
In the cold light of day, I was forced to confront the fact that the answer probably wasn’t in the string of other clues I’d picked up along the way, either. Like the woman from Côte d’Ivoire whose name had been on a PayPal account that had received payment for a fake Castelli vest. Or Shutian Tang, the registrant of a fake Smith Outlet store apparently based in a vast office complex in Beijing, not far from the house of a contact who’d offered to go scope it out for me. Or the owners of onlinehumidifier.com, their identity obscured by another scammy-looking group based out of a Kuala Lumpur business park.
Among all the red herrings, from continent to continent, the quanyuwenlv tie-in seemed to be the closest thing to a solid lead, pointing most clearly toward China. But that’s a big country with a lot of people, and linguistic difficulties and distance thwarted me.
What I had learned – to paraphrase the immortal words of Shrek – was that scammers are like onions. Andrew Love at Specialized had even tried to warn me: “The way to solve organized crime is to spend a lot of time figuring out what you can figure out. And you get a lot of data points, a tremendous number of data points. And after a while, you know, 95% of it is garbage, and you discard it. But that 5% is actually really interesting.
“This is part of the art of investigations – it kind of gets to be this black science where you just keep your eyes open and notice things and spend the time.”
At the end of an eternity staring at DNS lookups and whois search results, I realised that Love was right: I didn’t know what the 5% was. Several months into his own investigation, Love was still figuring it out, too, although together with colleagues from other companies he’d also narrowed it down to China. (They’d identified a target city but at risk of compromising their investigation, I agreed not to publish it here.)
In an email after we first spoke, Love revealed that he’d spent years on the trail of criminals in the past, and he seemed content to settle in for the long haul on this one, too. To a point, there isn’t much of a choice – there’s a city of millions of people on the other side of the world, there are delicate negotiations to be had with Chinese law enforcement and financial tracking to be done, and there is little direct action that can be taken until all of those pieces of the jigsaw fall into place.
In the meantime – for MAAP and Specialized and all the other brands that have unwittingly found themselves in this scam ring’s orbit – there’s nothing much to be done. Their task is crude but simple: keep playing whack-a-mole on sites that continue popping up, as fast as they can be removed.
Just before hitting publish on this story, a few months after I started looking into it, I was pointed to a hot new Specialized discount store that’d opened up online. There was a modest tweak on the template that had been used before, but it was unmistakably a product of the same network. This was, I would learn, just one of about 25 stores targeting Specialized that had appeared since I’d first started looking into the story.
The scammers had jumped borders again; I’d seen examples of French outlets, and this one was offering bargain Specialized apparel in German from a fake address in the city of Kassel, central Germany. If I was so inclined, I could trade €77 for a fictional pair of “thermo-latzhose” and have to cancel my credit card as a bonus.
Speaking to me via email, Andrew Love told me that it was yet another example of the “enormous efforts being put in, across multiple languages, to scam people.” Those people – some of whom I’d spoken to and many more that I hadn’t – had taken a roll of the dice on the possibility of a saving.
In the case of Paul, who’d taken a chance on a <$100 S-Works Tarmac, it was the product of a morbid curiosity (he’d eventually been able to recover his payment via his bank). But from these hundreds of websites there were likely thousands of victims who had not been savvy enough to obscure their bank details, or were too embarrassed to admit their naïvety. In that scenario, the scammers win – possibly many times over, as shown by a long list of aggrieved consumers who’d been repeatedly stung with charges.
At the end of a search for the end of the rabbit hole, the abiding feeling I was left with was one of exhaustion, maybe even futility. I wondered whether the brands feel the same way. Not fighting it is not an option, but winning against a foe that can so easily regenerate doesn’t feel easy – it borders on the impossible.
The internet has radically altered the way humanity does business, and there’s a wealth of opportunity there for retailers. The only problem is that the same applies to those in the business of scamming people.
Did we do a good job with this story?