New Delhi: Amid the crypto hype, cybercriminals are using Amazon’s name to promote a deceptive scheme called “Amazon to create its own digital token” – resulting in victims revealing their credentials in the first phase of the scam campaign Cybersecurity researchers warned.
Researchers at cybersecurity firm Akamai said they were able to track continuous cyberattack campaigns taking advantage of the crypto fever, including scammers who launched a variety of phishing schemes based on fake rumors, such as “signs”.
“This particular scam played directly on victims’ fears of missing out on a limited-time offer to invest in a new (albeit bogus) cryptocurrency ‘opportunity,'” they said.
A closer look at the victims who visited the fake token landing pages revealed that 98 percent of the victims were mobile users, with 56 percent using Android and 42 percent using iPhone devices.
“A look at the geographical breakdown of campaign casualties shows that 29 percent were in North America, 35 percent in South America and 27 percent in Asia,” the report said.
Akamai reported its findings to Amazon.
Once the victims were attacked, the victims were then directed to a well-designed and working fake website where they in turn paid for the fake cryptocurrency.
The scam required the targets to use cryptocurrency — in this case, bitcoin — as a payment method for the fake tokens.
The ultimate goal of the scam was to trick victims into believing the fake cryptocurrency was real and pay them with their own cryptocurrency (bitcoin).
“To encourage victim engagement and trust, attackers created a fully functional website that required registration, email account verification, and a user account profile,” the researchers said.
Additionally, the website contained social engineering techniques that displayed a fake progress bar indicating tokens were about to sell out and pressured the victim’s purchase decision.
Chainalysis estimates that scammers received approximately $14 billion in deposits in 2021.