UPDATED with comment from Amazon.
If Amazon presented you with a brand-new cryptocurrency offering, giving you the opportunity to get in on the ground floor with a digital token backed by Jeff Bezos, would you go for it?
Scammers sure hope a lot of people would, according to a report yesterday (Jan. 20) from researchers at internet-backbone provider Akamai.
The crooks, "utilizing the crypto frenzy to create new ways to exploit victims with clever scams" wrote Akamai researcher Or Katz, began by posting "news" links in social-media groups devoted to cryptocurrency.
How not to fall for this
Let's stop right here for a moment: The best way to avoid being taken in by scams like these is to not trust random links that strangers post on social media.
You can visit the links — it's unlikely these days that just opening the page will lead to trouble. But before you interact with one of the websites in any way, be very wary of claims that seem to good to be true — don't let greed cloud your judgment. There's also a TurboTax phishing scam going around, so don't fall for that either.
Also, you should always check the web address of the site you're visiting to make sure it matches what it's supposed to be. Unfortunately, that's not always easy to do on a mobile device, so scroll up to the top of the browser window to see the address field, or try to use the browser's "share" function to copy-and-paste the site address into a text file or draft email.
Jeff Bezos says hi
Anyhow, one of the social-media links led to a fake version of CNBC's real Crypto Decoded website, displaying a page headlined "The Amazon Token Presale is Coming" over a photo of Amazon head honcho Jeff Bezos.
This capitalized on an unverified rumor from last summer that Amazon was developing its own cryptocurrency — not a huge stretch, as Facebook has publicly declared such intentions and reportedly might soon facilitate NFT transactions.
The fake CNBC site gave you only 30 seconds to read through the story before it suddenly redirected you to yet another website, this one offering the Amazon pre-sale tokens at a "discount" over another image of a smiling Jeff Bezos.
The "Amazon" token site took great care to seem legit, Akamai's Katz wrote. The internal links to other sections of the site worked, and if you were interested in learning more about the bogus cryptocurrency, you needed to set up an account, go through email verification and even pass a CAPTCHA test to prove you were human.
Don't miss this limited opportunity
Once you'd cleared those hurdles, you were welcomed to a page that let you purchase Amazon pre-sale tokens using Bitcoin or Ethereum cryptocurrency — but you'd better not take too long, because a progress bar on the page showed that the Amazon tokens were quickly selling out.
This is a classic scam tactic: Create a sense of urgency so that the potential victim doesn't have time to properly investigate a claim and instead moves ahead due to fear of missing out on something.
The site even offered a referral program through which you'd get a discount on more "Amazon" tokens if you brought your friends or family members into the scheme.
It's all for naught, of course. Hand over your Bitcoin or Ethereum tokens to the crooks, and you'll never see them again.
Akamai wasn't able to tell how much money the scam took in, but it was able to determine that the suckers who landed on the fake token-offering site were located roughly evenly in North America, South America and Asia.
More interestingly, 98% of the site visitors were using mobile devices — 56% Android, 42% iOS — instead of desktop computers on which it's easier to see a site's URL.
But perhaps that statistic shouldn't be surprising.
"It's no secret," Katz wrote, "that mobile devices have become the primary means for consuming social media, gaming, reading news, and communicating via messaging applications, which drives the surge in victims landing on scams via mobile channels."
Update: Amazon statement
After this story was first published, Amazon reached out to us to provide this statement:
"We take any attempts to misuse our brand seriously. We maintain a site to assist customers in identifying scams, including fake webpages. This is how to tell whether an email, phone call, text message, or webpage is really from Amazon."
Our Amazon contact furthermore clarified that Amazon has no cryptocurrency offering at present. If you see anything that resembles such an offering, you are invited to report it Amazon directly.
Get the BEST of Tom’s Guide daily right in your inbox: Sign up now!
Upgrade your life with the Tom’s Guide newsletter. Subscribe now for a daily dose of the biggest tech news, lifestyle hacks and hottest deals. Elevate your everyday with our curated analysis and be the first to know about cutting-edge gadgets.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.