‘SilkSpecter’ hacking operation uses sophisticated ring of 4,700 spoofed storefronts to dupe shoppers looking for Black Friday deals—here’s how to avoid getting scammed

Sometimes a Black Friday deal really is too good to be true. As you might already suspect, the fast approaching winter quarter is prime time for scammers, and every year fake online storefronts become more sophisticated, working harder than ever before to part you from your hard-earned cash.

The Guardian reports that last Christmas shoppers in the UK lost £11.5m to scams leveraging a sophisticated arsenal of social media posts, online marketplaces, and AI. The newspaper notes that fairytale deals on high-end tech is just one tactic cybercriminals use to dupe shoppers. 

If you needed further convincing of just how widespread the issue is, the EclecticIQ threat research team have identified a ring of close to 4,700 fake online storefronts targeting shoppers specifically looking for Black Friday discounts across the US and Europe (via BleepingComputer). 

First identified in October earlier this year, EclecticIQ’s analysts believe with “high confidence” that, based on the IP addresses involved, the scam ring is being operated by Chinese hackers and have dubbed this group ‘SilkSpecter.’ Their scam ring impersonates storefronts of well-known brands such as Makita, Ikea, and the North Face.

These spoofed sites can convince at a glance, but closer inspection of their URLs will reveal an unusual top-level domain like ‘.shop’ or ‘.store’. Many of these webpages will encourage shoppers to use legitimate payment methods such as Stripe, but it’s not just your money these fake fronts are after.

For a start, the fake Black Friday webpages deploy trackers OpenReplay, TikTok Pixel, and Meta Pixel to collect metadata from victims—such as their location, browser, and OS details. This is in part to dynamically translate the page’s text based on the victim’s IP address, but scraping this user data can also be used by hackers to assess the success of their scam.

ElectricIQ also shares that these spoofed store fronts leverage Stripe to allow “genuine transactions to be completed while covertly exfiltrating sensitive [card holder data] to a server controlled by the attackers.”

During the purchase process, victims are also prompted to volunteer their phone number, and ElectricIQ theorises this is so that hackers can then “conduct vishing (voice phishing) or smishing (SMS phishing) attacks, deceiving victims into providing additional sensitive information, such as 2FA codes, personal identification details, or even account credentials.”

With operations as alarmingly sophisticated as the ‘SilkSpecter’ scam ring, how can one be sure they’re snagging a genuine steal of a deal? Cybercriminals rely on the urgency presented by limited-time Black Friday deals, so one of the best things you can do is to take a step back. Ask yourself, are the vibes off? Could that cheap RTX 4070 Super actually just be a rock in a box? If something online seems too good to be true, it usually is.

A good place to start is by double-checking the address bar: is the webpage using a bizarre top-level domain like ‘.vip,’ or ‘.top’ instead of the more standard ‘.com’? Is there any other weirdness going on with the rest of the URL, like instead of ‘thenorthface.co.uk,’ you’re seeing ‘northfaceblackfriday.shop’? Is there a typo in the URL?

If you’re still not sure, you can run a suspicious URL through Get Safe Online’s Check a Website tool, which will cross reference it against a number of cybersecurity databases for a general vibe check. If the results are mixed, don’t click it.

You should also generally be wary of clicking on random webpage ads, links in social media posts, or links pushed to the top of Google Search or otherwise marked as ‘Sponsored.’ If something doesn’t look right, it’s best to open a fresh browser window to see if you can access the same deal another way.

In addition to double and triple-checking who you’re giving your details to, you should also ensure you have security features like multi factor authentication enabled for your key accounts. 

As for money, you should regularly check your bank account for any transactions you don’t recognise, and EclecticIQ additionally suggests setting up a virtual ‘dummy’ credit card with a set spending limit that can be quickly cancelled if it becomes compromised.

Chances are a lot of the above advice seems fairly obvious to you, but the most important thing to remember is that anyone can be taken in by a scam. For instance, Action Fraud in the UK notes that people between the ages of 11 and 29 lost £9,199,951 due to online shopping fraud in 2023 alone. 

On the other side of the coin, the National Fraud Intelligence Bureau analysed reports made to Action Fraud between November 2023 and January 2024, and found the average age of scam victims was 42. Scams like the spoofed ‘SilkSpecter’ storefronts count on your complacency—so don’t make it easy for them.