Unwary collectors and youth face mounting cyber risks as scammers launch multilingual fake sites to steal payment data: threat intelligence.

Cybercriminals never waste any time hijacking commercial trends to scam people.

According to one cybersecurity firm’s ground intelligence in the region, the popularity of Labubu dolls has triggered a surge in scam websites targeting collectors worldwide.

Since April 2024, the market for these dolls has exploded, driven by celebrity endorsements and the rarity of certain editions, with some resale prices climbing above US$3,000. The high demand has created a fertile environment for cybercriminals, who have launched hundreds of fraudulent websites in multiple languages, including Portuguese, Spanish, Hungarian, and French.

These counterfeit online shops often mimic the branding and appearance of legitimate retailers of the quirky plush collectibles designed by Hong Kong artist Kasing Lung in “blind boxes”. Scammers lure buyers with promises of exclusive editions, deep discounts, and urgent calls-to-action, offering dolls at prices as low as R$47.90 (US$12.99).

Some sites falsely claim to be “official stores” or to sell “original products imported from Japan, aiming to convince fans that the merchandise on offer is authentic. The primary goal of these scams is to harvest sensitive financial information and personal data from unsuspecting buyers. Victims are enticed to enter their bank card details on convincing fake platforms, but receive no products in return.

The proliferation of these sites demonstrates how cybercriminals are leveraging the international Labubu craze and the excitement around rare collectibles to broaden their reach and maximize their impact. Related scams have been recorded China, Malaysia, Singapore, Thailand and the Philippines, among other countries.

Online shoppers and fans of such collectibles are strongly advised to purchase Labubu dolls only from verified retailers, and to carefully check website URLs for authenticity before entering any payment information.

According to Olga Altukhova, Senior Web Content Analyst, Kaspersky, the firm sharing its threat intelligence with media: “These fraudulent platforms are now appearing in multiple languages, which broadens their reach.”