Cybersecurity experts have warned that cybercriminals are using Amazon’s name to promote a fraudulent scheme called ‘Amazon to create its own digital token’ which leads victims to give away their credentials in the first step of the fraud phase of the fraud campaign.
According to Akamai researchers, they were able to track continuous cyberattack campaigns that took advantage of the crypto craze, including fraudsters who used a range of phishing schemes based on false rumours, such as “Amazon to create its own digital token”.
The Akamai researchers said “This particular scam played directly into victims’ fear of missing out on a limited-time offer to invest in a new (albeit fake) cryptocurrency ‘opportunity’,”
A closer examination of the victims who visited the fake token landing pages revealed that 98% of them were mobile users, with 56% using Android and 42% using iPhones devices.
The report said “Looking into the geographic breakdown for campaign victims shows that 29 per cent were located within North America, 35 per cent in South America, and 27 per cent in Asia,”
Amazon was notified of Akamai’s findings.
Victims were led to a well-designed and functional fake website after targets being engaged, where they paid for the fake cryptocurrency.
The targets were obliged to pay for the bogus tokens using cryptocurrency — in this case, Bitcoin — as part of the scam.
The ultimate purpose of the scam was to convince victims that the fake cryptocurrency was real and that they could pay for it with their own cryptocurrency (bitcoin).
The researchers said “To drive victim engagement and trust, attackers created a fully functional website that required registration, account confirmation using email, and a user account profile,”
The website also used social engineering techniques, such as displaying a bogus progress metre that indicated tokens were soon to sell out, putting pressure on the victim to make a purchase.
In 2021, according to Chainalysis, fraudsters received around $14 billion in deposits.