Beware of Fake Amazon Digital Tokens

Jan 22, 2022, 12:36 IST

To entice victims, crypto hackers are using a bogus Amazon digital token as bait.

A thorough examination of the victims who visited the phoney token landing sites revealed that 98% of them were mobile users, with 56% using Android and 42% using iPhones.

New Delhi: Cyber-criminals are leveraging Amazon's reputation to promote a fraudulent scheme called "Amazon to establish its own digital token," encouraging victims to give away their credentials in the first step of the fraud campaign, according to cyber-security researchers.

Researchers from cyber-security firm Akamai said they were able to follow ongoing malware activities that took advantage of the cryptocurrency craze, including fraudsters who used phishing schemes based on false rumours like "Amazon to create its own digital token."

"This particular scam played directly into victims’ fear of missing out on a limited-time offer to invest in a new (albeit fake) cryptocurrency "opportunity," they claimed.

A thorough examination of the victims who visited the phoney token landing sites revealed that 98% of them were mobile users, with 56% using Android and 42% using iPhones.

According to the report, "Looking into the geographic breakdown for campaign victims shows that 29 per cent were located within North America, 35 per cent in South America, and 27 per cent in Asia."

Amazon was notified of Akamai's results.

Victims were sent to a well-designed and functional phoney website after being engaged, where they paid for the false bitcoin.

The targets were obliged to pay for the bogus tokens using the cryptocurrency — in this case, Bitcoin — as part of the scam.

Also Read: Instagram to De-prioritise Feeds, Stories With Harmful Content

The scam's ultimate purpose was to convince victims that the false cryptocurrency was real and that they could pay for it with their own money (bitcoin).

"To drive victim engagement and trust, attackers created a fully functional website that required registration, account confirmation using email, and a user account profile," said the researchers.

The website also used social engineering techniques, such as displaying a bogus progress metre that indicated tokens were soon to sell out, putting pressure on the victim to make a purchase.

In 2021, according to Chainalysis, fraudsters will have received around $14 billion in deposits.