As we are in the 2021 holiday shopping season, there’s a new scam you need to be aware of and watch out for: offers for Amazon Tokens. We have found that these new scams are very effective, yielding over USD $100,000. Over 300 Avast users have been protected from the scam in the past week.

These offers are propagating through malicious advertisements that imitate legitimate news sites and rely on rumors that have been around since July 2021 that Amazon will be offering Tokens for sale. Below are samples of the malicious advertisements that we found.

Amazon Token Rumors

The rumors originated from news stories reporting that Amazon could be entering the cryptocurrency market and creating their own tokens as part of that. These stories relied on speculation from an Amazon job posting in July 2021. The rumor has not been substantiated,  and there are no Amazon Tokens currently for sale.

These malicious advertisements rely on people’s trust in the Amazon brand and desire to get in early on cryptocurrency initial coin offerings (ICOs). Getting in on an ICO early can be an easy way to quickly make money, as ICOs often rapidly increase in value in the early days.

Fake Amazon Token Landing Pages

Once someone clicks on one of these malicious ads, they are redirected to a well-constructed website that appears to be promoting Amazon’s new (nonexistent) Token cryptocurrency. However, upon closer investigation, you may notice occasional spelling mistakes on these sites,  which is an early tip off that these aren’t legitimate.

The website is well-presented, with detailed explanations, nice images, and full functionality. The website even cleverly connects the purchase of the nonexistent token with free Amazon Prime membership, making it seem even more legitimate.

The attackers behind this scam also cleverly tie the purchase of these nonexistent tokens to Amazon’s Prime Gaming service, meant to appeal to gamers.

There is a countdown on the website and sales and bonuses if the user decides to purchase immediately, a classic scammer tactic of using time pressure to force prospective victims into making quick (and bad) decisions.

Once the user creates an account, there is a legitimate-looking dashboard that allows the management of the fake cryptocurrency portfolio, including the opportunity to make purchases of the nonexistent Amazon Tokens.

If the user attempts to purchase the Token, they have to create an account, then “purchase”  the Token with other cryptocurrencies, such as Bitcoin, Ethereum, LiteCoin, and others. Creating an account could potentially give the attackers an email password combination that could be used in other attacks.

In reality, once the translation is complete, the user will have no Amazon Tokens and the attackers will pocket the cryptocurrency that has been transferred to them. If this happens, the money will be unrecoverable due to the nature of cryptocurrency transactions. 

Several of the sites we discovered have already gone down, leaving users with no recourse or access to their money/fake Token crypto.

We have seen the malicious ads spread around the world, in the U.S., Canada, Brazil, Venezuela, UK, Ireland, Norway, France, Germany, Austria, Switzerland, Netherlands, Italy, Spain, Poland, Czech Republic, Slovakia, Hungary, Estonia, Latvia, Ukraine, Serbia, Bosnia And Herzegovina, Montenegro, Macedonia, Greece, Romania, Bulgaria, Georgia, Morocco, Nigeria, Indonesia, Philippines, and Australia.

How to protect yourself from scams

To protect yourself against scams like this:

• Be skeptical of cryptocurrency advertisements and posts on social media.
• Double check URLs and websites before entering details and making a purchase.
• Don’t fall to high pressure tactics that claim “Flash sales”, “only a few left”, “purchase immediately.”
• Do research on what you are about to purchase - look for official sources.
• Report scam adverts and posts when you see them; this may aid in their removal from social media.

Scammers latch onto fresh news like this, as the general perception of cryptocurrency is that early adopters can make significant gains if the currency proves successful. Users may have their guard down thinking they are entering early into a potentially big cryptocurrency that will yield big returns.

The fact that these scams are so well-constructed and abuse the Amazon name, branding, and trust -- and are occurring during the holiday shopping season -- makes them all the more insidious. And so it’s important to know they’re out there and how to best protect yourself from them.

Updated on April 12, 2022 with new updates and information.