Login

SilkSpecter hacking operation uses 4,700 spoofed stores to scam shoppers looking for Black Friday bargains. Here's how to avoid being scammed

SilkSpecter hacking operation uses 4,700 spoofed stores to scam shoppers looking for Black Friday bargains. Here's how to avoid being scammed

Sometimes, a Black Friday bargain is just too good to be real. As you may have guessed, the winter quarter is prime scammer time. Every year, fake online storefronts get more sophisticated and work harder to separate you from your hard-earned money.

The Guardian reports that UK shoppers lost PS11.5m last Christmas to scams using a sophisticated arsenal of online marketplaces, social media posts and AI. The newspaper reports that cybercriminals are using a variety of tactics to trick shoppers, including fairytale deals for high-end technology.

If you still need more proof of how widespread this issue is, the EclecticIQ team of threat researchers has identified a ring of nearly 4,700 fake online stores that target shoppers looking for Black Friday deals in the US and Europe. (Via BleepingComputer).

EclecticIQ analysts first identified the scam ring in October of this year. Based on the IP addresses involved they believe with "high certainty" that the scam ring was operated by Chinese hackers. They have named this group SilkSpecter. Their scam ring impersonates well-known brands like Makita and Ikea.

These spoofed websites may look convincing at first glance, but a closer look at their URLs reveals an unusual top-level extension like '.shop’ or '.store’. These fake sites will encourage customers to use Stripe or other legitimate payment methods. But they are not only after your money.

The fake Black Friday websites use trackers OpenReplay Pixel, TikTok Pixel and Meta Pixel in order to collect data from their victims, such as their location, OS, browser and browser details. The fake Black Friday webpages use trackers OpenReplay, TikTok Pixel, and Meta Pixel to collect metadata from victims--such as their location, browser details, and OS details.

ElectricIQ shares that these spoofed stores fronts use Stripe to "complete genuine transactions while covertly exfiltrating [cardholder data] to an attacker-controlled server."

ElectricIQ theorizes that this is done to allow hackers to "conduct voice phishing" or smishing attacks (SMS phishing), deceiving the victims into providing sensitive information such as 2FA codes or personal identification details or even account credentials.

How can you be sure that the SilkSpecter scam is a real deal when it's so sophisticated? Cybercriminals take advantage of the urgency created by Black Friday sales. Take a step back. Ask yourself: Are the vibes off? Could the cheap RTX Super be a rock? When something online sounds too good to be real, it probably is.

Double-check the address bar. Is the website using a strange top-level domain, such as '.top' or '.vip' instead of '.com? Is there any other weirdness going on with the rest of the URL, like instead of 'thenorthface.co.uk,' you're seeing 'northfaceblackfriday.shop'? Is the URL a typo?

If you are still unsure, you can run a URL suspicious through Get Safe Online’s Check a Website Tool, which will compare it to a number cybersecurity databases in order to get a general vibe. If the results are mixed up, don't click.

You should also be cautious about clicking on random ads, links in posts on social media, or links that are pushed to top of Google Search, or otherwise marked 'Sponsored. If something looks wrong, try opening a new browser window to see whether you can get the same deal in another way.

You should not only double- and triple-check who you give your details to but also make sure that you have enabled security features such as multi factor authentication for your key accounts.

You should also regularly check your bank account to see if there are any transactions that you do not recognise. EclecticIQ suggests creating a virtual credit card with an established spending limit, which can be cancelled quickly if it is compromised.

You may think that a lot of this advice is obvious, but it's important to remember that anyone can fall victim to a scam. Action Fraud in the UK reports that between the ages 11 and 29, people lost PS9199951 in online shopping fraud in the year 2023.

The National Fraud Intelligence Bureau, on the other hand, analysed reports to Action Fraud from November 2023 to January 2024 and found that the average age of victims of scams was 42. Don't be complacent. Scams, like the spoofed SilkSpecter storefronts, rely on your complacency.

Interesting news

Fields of Mistria, a Sailor Moon-inspired farming sim, gets its first major update and lets me finally lay romantic groundwork for my future spouse.
Fields of Mistria, a Sailor Moon-inspired farming sim, gets its first major update and lets me finally lay romantic groundwork for my future spouse.
November 18, 2024
Treyarch accidentally added legacy items to Call of Duty Black Ops 6. They took them away and then promised to restore the tokens after realising that they couldn't put toothpaste back in the tube.
Treyarch accidentally added legacy items to Call of Duty Black Ops 6. They took them away and then promised to restore the tokens after realising that they couldn't put toothpaste back in the tube.
November 18, 2024
I've decided that Casio smart ring-watches are the only thing good in this messed-up universe right now
I've decided that Casio smart ring-watches are the only thing good in this messed-up universe right now
November 18, 2024

Comments

Выбрано: []
No comments have been posted yet