The growing interest in new cryptocurrencies and the potential to get in early on Amazon’s supposedly forthcoming crypto has scammers taking victims for thousands of dollars.
Investing in cryptocurrency is seen by some as a legitimate means to make money on gains, as well as other crypto-financial vehicles that include staking, pooling, and farming. So, it makes sense that scammers are looking for ways to rob their victims of cryptocurrency rather than risk breaking into bank accounts, using stolen credit card details, etc.
In a new crypto token scam documented by security researchers at Avast, scammers are posting ads looking like they are from legitimate news sources on the web informing the reader of a “presale” of the Amazon token “$AMZ”.
Source: Avast
The websites used look clean and professional and don’t hint much at all that they aren’t Amazon’s. With pages that promote Prime membership benefits, a roadmap for the token, and a clear call to action to “Buy Token” (note: one of the red flags!), this scam gets “buyers” to cough up any of a number of accepted cryptocurrencies as payment.
Source: Avast
Once an account is created, victims are even provided a fake “portfolio” page, providing additional opportunities to “purchase” these nonexistent tokens.
Source: Avast
This is a very creative and well-executed scam. We’ve covered a similar scam back in 2019 with Facebook’s Libra cryptocurrency. The difference with this new scam is the professionalism in the execution. And, while the goal is to simply take the victims legitimate crypto as payment, it could just as easily be attempting to get the victim to download and open/install a malicious document. Organizations should still be wary of such scams, as the potential for corporate impact is real. Users undergoing Security Awareness Training will see the scam for what it is at the start – the URLs the “legitimate” news ads point to are as bogus as they come – making it important to enroll users in continual training to be sure they don’t fall for these and similar scams.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
