Researchers on Thursday reported that they found continuous cyberattack campaigns that took advantage of so-called “crypto fever” among investors, the most notable of which was an ad on a fake CNBC site that lured people into investing in an Amazon digital token.
In a Jan. 20 blog post, Akamai researchers said the scam played directly into victims' fear of missing out on a limited-time offer to invest in a new — albeit fake — cryptocurrency. The researchers said the scam played upon the latest sentiments and increasing risk tolerance for crypto investing and led victims to release their credentials. Akamai said once a victim was engaged, they were led to a well-designed and functional fraudulent website, where they paid for the fake cryptocurrency. The scam asked the victims to use Bitcoin to pay for what were fake tokens.
The researchers also noted that they reported their research findings to the Amazon security team — thereby helping to mitigate the scam — and deployed relevant protections for Akamai customers.
An Amazon spokesperson said the online retail giant takes any attempts to misuse its brand seriously and noted that it maintains a site to assist customers in identifying scams, including fake pages. Amazon does not currently offer cryptocurrency, nor does it offer promotions in connection with crypto.
The psychology of FOMO (fear of missing out) stirs up the emotional urge that if one does not respond quickly enough, one will miss an opportunity that could make one's life better, said Nasser Fattah, chair of the North American Steering Committee at Shared Assessment. Fattah said social engineering attacks often work on emotions — for example, fear, urgency, and curiosity — to hook the victim and make it appealing enough for the victim to take the next steps, such as clicking a malicious link or opening an attachment.
“Bitcoin valuation has been the rage in the market, and many in the market missed the opportunity to jump on the Bitcoin bandwagon, and are now chomping at the bit for the next great cryptocurrency,” Fattah said. “My advice: be wary of anything that appears too good to be true and do some independent research. Think before you click!”
Saryu Nayyar, founder and CEO of Gurucul, said threat actors clearly have multiple evasion techniques that they employ regularly regardless of the objective of the attack campaign, which in this case was a fake cryptocurrency offer used to solicit legitimate cryptocurrency from unsuspecting users.
“Outside of dynamic rendering of page content to avoid detection, many of the techniques used malicious URLs or newly generated phishing domains to block the effectiveness of blacklists,” Nayyar said.
Some of the IP addresses linked to these attacks have been in use since 2020, added Stephanie Simpson, vice president of product management at Scythe.
“This is another example of why we say that not all cyberattacks are sophisticated,” Simpson said. “In this case, the IP addresses are known to be malicious, and organizations should block access to them. It’s also an example of why organizations need to take real-time threat intelligence about indicators of compromise and continuously test their security controls and processes.”