'SilkSpecter' hacking operation uses sophisticated ring of 4,700 spoofed storefronts to dupe shoppers looking for Black Friday deals—here's how to avoid getting scammed

A hooded figure is depicted running with a large sack, from which slips of paper featuring asterisks (symbolizing passwords or confidential information) are falling out. The background is solid red, creating a striking contrast and emphasizing the theme of cyber theft or data breach.
(Image credit: rob dobi via Getty Images)

Sometimes a Black Friday deal really is too good to be true. As you might already suspect, the fast approaching winter quarter is prime time for scammers, and every year fake online storefronts become more sophisticated, working harder than ever before to part you from your hard-earned cash.

The Guardian reports that last Christmas shoppers in the UK lost £11.5m to scams leveraging a sophisticated arsenal of social media posts, online marketplaces, and AI. The newspaper notes that fairytale deals on high-end tech is just one tactic cybercriminals use to dupe shoppers. 

If you needed further convincing of just how widespread the issue is, the EclecticIQ threat research team have identified a ring of close to 4,700 fake online storefronts targeting shoppers specifically looking for Black Friday discounts across the US and Europe (via BleepingComputer). 

First identified in October earlier this year, EclecticIQ's analysts believe with "high confidence" that, based on the IP addresses involved, the scam ring is being operated by Chinese hackers and have dubbed this group 'SilkSpecter.' Their scam ring impersonates storefronts of well-known brands such as Makita, Ikea, and the North Face.

These spoofed sites can convince at a glance, but closer inspection of their URLs will reveal an unusual top-level domain like '.shop' or '.store'. Many of these webpages will encourage shoppers to use legitimate payment methods such as Stripe, but it's not just your money these fake fronts are after.

For a start, the fake Black Friday webpages deploy trackers OpenReplay, TikTok Pixel, and Meta Pixel to collect metadata from victims—such as their location, browser, and OS details. This is in part to dynamically translate the page's text based on the victim's IP address, but scraping this user data can also be used by hackers to assess the success of their scam.

ElectricIQ also shares that these spoofed store fronts leverage Stripe to allow "genuine transactions to be completed while covertly exfiltrating sensitive [card holder data] to a server controlled by the attackers."

During the purchase process, victims are also prompted to volunteer their phone number, and ElectricIQ theorises this is so that hackers can then "conduct vishing (voice phishing) or smishing (SMS phishing) attacks, deceiving victims into providing additional sensitive information, such as 2FA codes, personal identification details, or even account credentials."

With operations as alarmingly sophisticated as the 'SilkSpecter' scam ring, how can one be sure they're snagging a genuine steal of a deal? Cybercriminals rely on the urgency presented by limited-time Black Friday deals, so one of the best things you can do is to take a step back. Ask yourself, are the vibes off? Could that cheap RTX 4070 Super actually just be a rock in a box? If something online seems too good to be true, it usually is.

A good place to start is by double-checking the address bar: is the webpage using a bizarre top-level domain like '.vip,' or '.top' instead of the more standard '.com'? Is there any other weirdness going on with the rest of the URL, like instead of 'thenorthface.co.uk,' you're seeing 'northfaceblackfriday.shop'? Is there a typo in the URL?

If you're still not sure, you can run a suspicious URL through Get Safe Online's Check a Website tool, which will cross reference it against a number of cybersecurity databases for a general vibe check. If the results are mixed, don't click it.

You should also generally be wary of clicking on random webpage ads, links in social media posts, or links pushed to the top of Google Search or otherwise marked as 'Sponsored.' If something doesn't look right, it's best to open a fresh browser window to see if you can access the same deal another way.

Your next machine

Gaming PC group shot

(Image credit: Future)

Best gaming PC: The top pre-built machines.
Best gaming laptop: Great devices for mobile gaming.

In addition to double and triple-checking who you're giving your details to, you should also ensure you have security features like multi factor authentication enabled for your key accounts. 

As for money, you should regularly check your bank account for any transactions you don't recognise, and EclecticIQ additionally suggests setting up a virtual 'dummy' credit card with a set spending limit that can be quickly cancelled if it becomes compromised.

Chances are a lot of the above advice seems fairly obvious to you, but the most important thing to remember is that anyone can be taken in by a scam. For instance, Action Fraud in the UK notes that people between the ages of 11 and 29 lost £9,199,951 due to online shopping fraud in 2023 alone

On the other side of the coin, the National Fraud Intelligence Bureau analysed reports made to Action Fraud between November 2023 and January 2024, and found the average age of scam victims was 42. Scams like the spoofed 'SilkSpecter' storefronts count on your complacency—so don't make it easy for them.

Jess Kinghorn
Hardware Writer

Jess has been writing about games for over ten years, spending the last seven working on print publications PLAY and Official PlayStation Magazine. When she’s not writing about all things hardware here, she’s getting cosy with a horror classic, ranting about a cult hit to a captive audience, or tinkering with some tabletop nonsense.

Read more
Nvidia RTX 5090 Founders Edition graphics card on different backgrounds
eBay users are getting back at graphics card scalping bots by listing pictures of the RTX 5090 for $2000, occasionally framed
ebay RTX 5090
Scalpers are already trying to rip off gamers by flipping RTX 5090 graphics cards they don't actually have for up to $7,000
MSI RTX 5070 Ti Gaming Trio OC Plus graphics card under a red light
The price gouging of Nvidia's RTX 5070 Ti is utterly grotesque
Collection of products to illustrate potential Amazon Prime Day deals
I'm here digging out the best post-Christmas, post-turkey PC gaming deals using my decades of experience and lack of social norms
A screenshot from a YouTube video showing a sticker being pulled from the front of a fake 9800X3D CPU
This Amazon-bought fake AMD Ryzen 7 9800X3D is actually a 14-year-old Bulldozer chip with a cheap sticker on it
Radeon RX 9070 XT cards all X'd out, out of stock
We all deserve better than this
Latest in Hardware
Recently appointed Intel CEO Lip-Bu Tan.
Here comes Intel's new CEO: a semiconductor veteran that won the same prestigious award as Jensen Huang and Lisa Su
The OpenAI logo is being displayed on a smartphone with an AI brain visible in the background, in this photo illustration taken in Brussels, Belgium, on January 2, 2024. (Photo illustration by Jonathan Raa/NurPhoto via Getty Images)
OpenAI is working on a new AI model Sam Altman says is ‘good at creative writing’ but to me it reads like a 15-year-old's journal
Microsoft Majorana 1 quantum processor
'This is essentially a fraudulent project': Some scientists are firing shots at Microsoft's recent quantum computing claims
 photo shows a factory tool that places lids on data center system-on-chips at an Intel fab in Chandler, Arizona, in December 2023. In February 2024, Intel Corporation launched Intel Foundry as the world’s first systems foundry for the AI era, delivering leadership in technology, resiliency and sustainability.
Return of the gigahertz wars: New Chinese transistor uses bismuth instead of silicon to potentially sock it to Intel and TSMC with 40% more speed
The OBSBot Tiny 2 Lite on a blue background
My favourite 4K webcam spins on a gimbal to track your face, and it's now at its lowest ever price at Amazon
Audio-Technica ATH-R50X headphones
Audio-Technica ATH R50X review
Latest in News
spectre divide
Spectre Divide and its studio are shutting down after just six months: 'The industry is in a tough spot right now'
Naoe looking at the wrist blade in Assassin's Creed Shadows
Ubisoft backflips, says Assassin's Creed Shadows will support Steam Deck at launch, but I doubt I'll actually want to play it there
Henry from KCD2 wearing nice outfits
'Diversify your fashion endgame' with this Kingdom Come: Deliverance 2 mod that gives Henry fly new gambesons, pourpoints, and caftans
Masked Counter-Terrorist in helmet in forefront with sunglasses and beret-wearing CT in background touching headset
There's hope yet for Classic Offensive after its Steam rejection: The team behind the Counter-Strike 1.6 revival mod is in touch with Valve about its 'concerns'
Recently appointed Intel CEO Lip-Bu Tan.
Here comes Intel's new CEO: a semiconductor veteran that won the same prestigious award as Jensen Huang and Lisa Su
BURBANK, CALIFORNIA - AUGUST 15: Protestors attend the SAG-AFTRA Video Game Strike Picket on August 15, 2024 in Burbank, California. (Photo by Lila Seeley/Getty Images)
8 months into their strike, videogame voice actors say the industry's latest proposal is 'filled with alarming loopholes that will leave our members vulnerable to AI abuse'