Cryptocurrency and digital token scams have become a common threat facing investors and the general public today.
Even though regulators worldwide are clamping down on fraud -- through tax legislation, securities offering registration, tighter rules surrounding cryptocurrency adverts, and by keeping a close eye on initial coin offerings (ICOs), exit scams, rug pulls, and theft is still rampant.
Interest in cryptocurrency -- and now NFTs -- continues to escalate, providing a breeding ground for new scams to appear on a daily basis.
Chainalysis estimates that fraudsters received approximately $14 billion in deposits in 2021.
On Thursday, cybersecurity researchers from Akamai Technologies outlined a new, fraudulent campaign that leverages Amazon's name to promote a fraudulent "Amazon to create its own digital token" scheme.
Generating panic and encouraging victims to make a rash decision are common tactics used in various scams, and this is no exception. In the Amazon scheme, the fraudsters have imposed a 'time-sensitive' lure to make individuals feel like they could be losing out on a lucrative investment opportunity.
The campaign began by publishing fake social media posts in groups that are interested in the cryptocurrency space. If users clicked on a post, they were directed to a fake "CNBC Decoded" news website that included an article on the soon-to-be-released 'Amazon crypto token.'
The cyberattackers gave visitors roughly 30 seconds to read the fake release before they were automatically redirected to a domain that offered pre-sale tokens. The website in question was fully functional and required signing up email account confirmation and user profile creation.
"The website included social engineering techniques that presented a fake progress bar, indicating tokens were about to sell out, adding pressure to the victim's purchasing decision," Akamai says.
At this stage, visitors were asked to then pay for the pre-sale tokens with their own cryptocurrency, including Bitcoin (BTC) and Ethereum (ETH). As the tokens are non-existent, these funds then ended up in the wallets of attackers.
Another lure is also presented -- a fake referral program that promises rewards if users refer friends and family. This can expand the reach of the token scam on behalf of the attackers with no further effort on their part.
In total, most of the visitors to the fake token landing pages were using mobile devices (98%). The distribution of mobile operating systems in use is fairly even but leans toward Android handsets (56%), followed by Apple iOS (42%).
The majority of victims are located in North America, South America, and Asia.
"Based on our research, we predict that crypto scams will continue to drive many nefarious activities throughout the 2022 threat landscape," the researchers commented.
Akamai has reported its findings to Amazon.
Update 23.08 GMT: An Amazon spokesperson told ZDNet:
"We take any attempts to misuse our brand seriously. We maintain a site to assist customers in identifying scams, including fake web pages. This is how to tell whether an email, phone call, text message, or webpage is really from Amazon."