Where there is demand, there are scammers. The restocking community, with its combination of hyped products, time pressure, and money-driven motivation, is a prime target for fraud. Every year, thousands of restockers lose money to fake websites, phishing attacks, fraudulent cook groups, and social media scams that prey on the urgency and excitement of limited releases.

This guide is your comprehensive defense manual. It covers every major type of restock scam currently in circulation, teaches you how to identify them before you lose money, and provides actionable steps to protect yourself.

The Scale of the Problem

Restock-related scams have grown in proportion with the resale market itself. According to industry estimates:

  • Counterfeit sneaker sales exceed $400 billion globally per year.
  • Phishing attacks targeting sneaker and electronics buyers increased over 300% between 2020 and 2025.
  • Fraudulent cook group operations defraud an estimated $50 million annually from the restocking community.
  • Fake restock websites appear within hours of major product announcements.

The sophistication of these scams has also increased dramatically. What used to be obvious fake sites with broken English and stolen logos are now pixel-perfect replicas of legitimate retailers, complete with SSL certificates, customer chat bots, and functioning shopping carts.

Type 1: Fake Retail Websites

How They Work

Fake retail websites are the most common restock scam. Scammers create websites that look identical to legitimate retailers or brand sites, offer hyped products at retail or slightly below retail price, and collect payment information from victims.

The typical process:

  1. A major restock or release is announced.
  2. Scammers register domains that closely resemble legitimate retailers (e.g., nikestore-official.com, bestbuy-restock.com, foot-locker-drops.com).
  3. The fake site is promoted through social media ads, spam emails, or even paid search results.
  4. Victims enter their payment information and shipping details.
  5. The scammer collects the payment. No product is ever shipped.
  6. Additionally, the scammer now has the victim’s credit card number, address, and personal information.

How to Identify Fake Sites

Red FlagWhat to Check
URL spellingLook for misspellings, extra characters, or unusual domains (.shop, .store, .xyz)
SSL certificateLegitimate sites use HTTPS, but so do many scam sites now. SSL alone is not proof of legitimacy
Contact informationCheck for a real phone number, physical address, and email. Call the number
Social media linksClick them. Do they link to the actual brand’s social accounts?
PricesIf a sold-out hyped product is available below retail, it is almost certainly a scam
Payment methodsScam sites often only accept wire transfers, cryptocurrency, or unusual payment processors
Site ageUse WHOIS lookup tools to check when the domain was registered. Sites created days before a major drop are suspicious
Return policyLegitimate retailers have detailed return policies. Scam sites have vague or nonexistent ones

Real-World Examples

The Nike SNKRS Clone (2024): A scam site called “nikeairsupply.com” appeared before a major Jordan release, offering early access to the shoes at retail price. The site was a near-perfect copy of Nike’s official site, including functioning navigation links (which redirected to the real Nike site). The only giveaway was the checkout page, which used a generic payment processor instead of Nike’s standard payment system. Hundreds of people lost money before the site was reported and taken down.

The Best Buy GPU Scam (2025): During GPU restocks, a site called “bestbuy-graphics.com” offered RTX 5090 cards at MSRP with “guaranteed delivery in 3-5 days.” The site used Best Buy’s color scheme, logo, and product images. It was promoted through Google Ads and appeared above the actual Best Buy website in some search results. The site collected payments for two weeks before being shut down.

Protection Steps

  1. Always navigate directly to retailer websites by typing the URL manually or using a bookmark. Never click links from emails, ads, or social media posts.
  2. Verify the domain against the retailer’s official domain. Nike’s only website is nike.com. Best Buy’s is bestbuy.com. There are no exceptions.
  3. Use a virtual credit card for online purchases. Services like Privacy.com create one-time-use card numbers that protect your real card information.
  4. Install browser extensions that flag known phishing sites, such as uBlock Origin, Netcraft, or your antivirus program’s web protection.

Type 2: Phishing Attacks

How They Work

Phishing attacks target restockers through emails, text messages, and direct messages that impersonate legitimate brands, retailers, or resale platforms. The goal is to steal login credentials, payment information, or personal data.

Common phishing scenarios in the restock world:

Order confirmation phishing: You receive an email claiming to be from Nike, StockX, or another platform confirming an order you did not place. The email contains a “View Order” or “Cancel Order” link that leads to a fake login page.

Restock alert phishing: An email or text claims that a sold-out product is back in stock, with a link to “buy now.” The link leads to a fake site designed to capture your payment information.

Account verification phishing: A message claims your StockX, GOAT, or retailer account needs verification. You are directed to a login page that captures your credentials.

Winning notification phishing: You receive a message claiming you won a raffle you entered. The link asks you to confirm your payment method, which is then stolen.

Identifying Phishing Attempts

Email phishing red flags:

  • Sender email address does not match the official domain (e.g., [email protected] instead of [email protected]).
  • Generic greeting (“Dear Customer”) instead of your actual name.
  • Urgency language (“Act now or lose your order”).
  • Misspellings or grammatical errors in the email body.
  • Links that hover-show a different URL than the displayed text.
  • Attachments you did not request.

Text/SMS phishing red flags:

  • Unknown or short-code phone numbers.
  • Links using URL shorteners (bit.ly, tinyurl).
  • Requests to reply with personal information.
  • Claims about accounts or orders you do not recognize.

Social media phishing red flags:

  • Direct messages from accounts with few followers or recent creation dates.
  • Offers that seem too good to be true.
  • Requests to continue the conversation off-platform.
  • Links to external sites for “exclusive access.”

Protection Steps

  1. Never click links in unexpected emails or messages. Navigate to the website directly.
  2. Enable two-factor authentication (2FA) on every account associated with restocking: email, retailer accounts, resale platforms, and payment services.
  3. Use unique passwords for every account. A password manager like Bitwarden or 1Password makes this manageable.
  4. Verify unexpected messages by contacting the company directly through their official website or app. Do not use contact information provided in the suspicious message.
  5. Report phishing attempts to the impersonated company and to your email provider.

Type 3: Fraudulent Cook Groups

How They Work

Fraudulent cook groups exploit the legitimate demand for restock intelligence by charging membership fees and delivering little or no value. Some are outright scams from the start. Others start legitimate and deteriorate over time.

The fraud spectrum:

TypeDescriptionWarning Signs
Complete scamCollects fees, provides nothingNo verifiable track record, heavy advertising
Pump and dumpBriefly active, then abandons membersRapid recruitment, time-limited offers
Inflated promisesCharges premium fees, delivers basic free info”Guaranteed” wins, unrealistic income claims
Data harvesterCollects personal data through required “verification”Asks for SSN, ID scans, or banking details
Bot upsellFree or cheap group that aggressively pushes overpriced toolsHeavy promotion of affiliated bots/tools

Red Flags in Cook Group Recruitment

Price pressure tactics:

  • “Only 5 spots left at this price.”
  • “Price increases to $200 tomorrow.”
  • “Lifetime membership available for 24 hours only.”

These artificial scarcity tactics mirror the restocking world itself, which is precisely why they work on restockers.

Unverifiable success claims:

  • Screenshots of wins without context or verification.
  • Testimonials from anonymous accounts.
  • “Six-figure income” claims with no tax documentation or proof.
  • Photoshopped payout screenshots.

Excessive personal information requests:

  • Legitimate cook groups need your email and Discord username. That is about it.
  • Requests for your full name, address, phone number, or financial information during signup are red flags.
  • Any group that asks for your StockX, GOAT, or retailer account credentials is a scam. Period.

How to Vet a Cook Group

Before paying for any cook group, take these steps:

  1. Search for reviews on Reddit, Twitter, and YouTube from people who are not affiliated with the group.
  2. Ask for a trial period or money-back guarantee. Legitimate groups often offer 3-7 day trials.
  3. Verify the Discord server before paying. A legitimate group should have active channels, real conversations, and visible moderation.
  4. Check the age of the group’s social media accounts and website. Groups created days or weeks before a major release cycle are suspicious.
  5. Ask current members about their experience. Reach out to members who post in public channels and ask honest questions about value.
  6. Start with free communities to learn the basics before investing in paid groups. Our guide on Discord servers for restock alerts lists reputable free options.

Type 4: Social Media Scams

Instagram and TikTok Scams

Social media platforms are breeding grounds for restock scams because they combine visual appeal, viral reach, and direct messaging capabilities.

The “plug” scam: Accounts claim to be “plugs” who can secure hyped products for you at or below retail. They show photos of sneakers, consoles, or other products and ask for payment in advance. After receiving payment, they either disappear or send counterfeit products.

The giveaway scam: Accounts run fake giveaways that require you to follow, like, comment, and most critically, click a link or provide personal information to “enter.” The giveaway never happens, and your information is harvested.

The early access scam: Accounts claim to offer early access to upcoming releases through “backdoor” connections. They charge a fee for the access, which never materializes.

Twitter and X Scams

The restock Twitter community is large and active, making it a target for impersonation and fraud.

Account impersonation: Scammers create accounts that closely mimic legitimate restock monitors and alert accounts. They use similar usernames (adding underscores or numbers), steal profile photos, and repost real alerts to build credibility before posting scam links.

Fake link drops: During live restocks, scammers post fake “early links” or “backdoor links” that lead to phishing sites. In the chaos of a drop, people click without verifying.

DM scams: After engaging with restock content, users receive DMs offering exclusive deals, group access, or products at below-market prices.

Protection Steps

  1. Verify accounts before trusting any information. Check follower counts, account age, posting history, and verification status.
  2. Never pay via Venmo, Zelle, Cash App, cryptocurrency, or gift cards for product purchases. These payment methods offer zero buyer protection.
  3. Use PayPal Goods & Services if you must transact with an individual. This provides buyer protection and dispute resolution.
  4. Do not click links from accounts you do not follow and trust. Navigate to retailer sites directly.
  5. Report scam accounts to the platform and to the restock community.

Type 5: Counterfeit Product Scams

The Counterfeit Pipeline

Counterfeit products enter the restock ecosystem through several channels:

  • Direct social media sales: Scammers sell fake products as authentic through Instagram, Facebook Marketplace, and other platforms.
  • Compromised resale listings: Counterfeit items listed on platforms that do not authenticate (or listed below authentication thresholds on platforms that do).
  • Fake authentication services: Scammers create fake authentication services that “verify” counterfeit products as genuine.
  • Bait and switch: A listing shows photos of an authentic product but ships a counterfeit version.

How to Protect Yourself

StrategyDetails
Buy from authenticated platformsUse eBay (Authenticity Guarantee), StockX, or GOAT for sneaker purchases
Learn to authenticate yourselfStudy authentic vs. fake comparison guides for your target products
Request proof of purchaseAsk sellers for receipts from authorized retailers
Use independent authenticationServices like CheckCheck and Legit Check offer per-item verification
Avoid prices that are too lowIf a $300 resale sneaker is listed for $150, it is probably fake

For detailed authentication guidance, read our how to spot fake sneakers guide and our eBay authentication guide.

Type 6: Bot and Tool Scams

Fake Bots and Software

The demand for sneaker bots and restock tools has created a market for fraudulent software.

Common bot scams:

  • Non-functional bots: Software that does nothing but display a convincing interface. It never actually attempts to purchase anything.
  • Malware disguised as bots: Software that installs keyloggers, ransomware, or cryptocurrency miners on your computer.
  • Rental scams: Bot rental services that take your money and provide no access.
  • Outdated bots: Bots that once worked but have been patched by retailers and are no longer functional. Scammers continue selling them at full price.

How to Identify Legitimate Tools

  1. Check community reputation. Legitimate bots are discussed in established communities and have track records spanning months or years.
  2. Verify update frequency. Active bots require constant updates as retailers change their systems. A bot that has not been updated in months is likely dead.
  3. Look for transparent pricing. Legitimate bots have clear pricing and terms. Scam bots offer “lifetime access” at suspiciously low prices.
  4. Avoid cracked or pirated bots. “Free” versions of paid bots almost always contain malware.
  5. Research the developer. Legitimate bot developers have established presences in the community and can be contacted.

Building a Security-First Restocking Setup

Essential Security Measures

Every restocker should implement these baseline security measures:

Account Security:

  • Unique, strong password for every account (use a password manager).
  • Two-factor authentication on all accounts.
  • Recovery email and phone number on critical accounts.
  • Regular review of account activity and connected devices.

Financial Security:

  • Virtual credit card numbers for online purchases.
  • Separate email address for restocking activities.
  • Regular monitoring of bank and credit card statements.
  • Fraud alerts enabled on all financial accounts.

Device Security:

  • Updated operating system and browser.
  • Reputable antivirus software.
  • Ad blocker and anti-phishing browser extension.
  • Regular malware scans, especially if you have downloaded any tools or bots.

Communication Security:

  • Do not share personal information in public Discord channels.
  • Use a separate Discord account for cook groups if desired.
  • Be cautious with direct messages from unknown users.
  • Never share screenshots containing personal details.

What to Do If You Have Been Scammed

If you fall victim to a restock scam, act immediately:

  1. Contact your bank or credit card company to report the fraudulent charge and request a chargeback.
  2. Change passwords on any accounts that may be compromised, starting with your email and financial accounts.
  3. Enable 2FA on any accounts that did not already have it.
  4. Report the scam to the platform where it occurred (eBay, Instagram, Twitter, etc.).
  5. File a report with the FTC (reportfraud.ftc.gov) and the FBI’s IC3 (ic3.gov) if the loss is significant.
  6. Monitor your credit for unauthorized accounts or inquiries. Consider placing a fraud alert or credit freeze.
  7. Warn the community by reporting the scam in your restock communities, providing details that help others avoid the same trap.
  8. Document everything with screenshots, emails, and transaction records in case you need to pursue recovery.

Staying Informed

Scam tactics evolve constantly. Stay current on the latest threats by:

  • Following trusted restock accounts that report scams.
  • Participating in community discussions about security.
  • Reading security updates from resale platforms.
  • Checking the FTC and FBI websites for alerts about new fraud schemes.
  • Sharing your experiences (both successes and close calls) to help the community stay vigilant.

The restocking community is at its best when members look out for each other. If you spot a scam, report it and warn others. The few minutes you spend could save someone else hundreds of dollars.

FAQ

What should I do if I already paid a scammer?

Act immediately. Contact your bank or credit card company to initiate a chargeback. If you paid via PayPal Goods & Services, file a dispute through PayPal’s resolution center. If you paid via Venmo, Zelle, Cash App, or cryptocurrency, recovery is extremely difficult because these platforms offer limited or no buyer protection. File reports with the FTC and local law enforcement regardless of the payment method.

Verify the account posting the link. Check that the account has a long history of posting accurate alerts, has a significant follower count, and is recognized by the community. Then verify the link itself: hover over it (do not click) to see the actual URL. It should point directly to a known retailer domain (nike.com, bestbuy.com, etc.) with no redirects, misspellings, or unusual subdomains.

Are all cook groups potential scams?

No. Many cook groups are legitimate businesses that provide genuine value. The key is doing thorough research before paying. Look for groups with established track records, transparent leadership, active and genuine community discussions, and positive reviews from verified members. Start with free communities to learn the landscape before investing in paid groups.

Is it safe to buy sneakers from Instagram sellers?

It is significantly riskier than buying from authenticated platforms. If you choose to buy from Instagram sellers, use PayPal Goods & Services for payment (never Friends & Family, Venmo, or Zelle), request detailed photos including tags and receipts, verify the seller’s reputation through external sources, and consider using a third-party authentication service before or after purchase. However, the safest approach is to use authenticated platforms like eBay, StockX, or GOAT.

Can scammers create fake eBay Authenticity Guarantee tags?

It is theoretically possible to create physical tags that resemble eBay’s authentication tags, but the NFC technology embedded in legitimate tags is much harder to replicate. When you receive a product with an authentication tag, scan the NFC chip with your phone to verify it links to a valid eBay authentication certificate. If the chip does not scan or links to an unfamiliar site, contact eBay support immediately.