Scammers Steal $1 Million in Crypto Using Fake Delta and AMC Sites

Cybersecurity firm Netcraft has discovered a new task scam cluster that has stolen over $1 million in crypto. The scammers use API-driven templates to impersonate brands like Delta Airlines, AMC, Universal Studios, Epic Records and more.

A new research from Netcraft, shared with Hackread.com ahead of its publication, reveals how a single group of cybercriminals has built a network of fake websites that impersonate major companies, including Delta Airlines, to lure in victims. This is a highly organized scam where attackers are using a clever template to trick victims out of millions of dollars in cryptocurrency.

The scheme, known as a task scam, promises people a job as an online agent. For example, on a fake Delta site (DeltaAirlineiVIPcom), victims are told they can earn a commission by booking fake flights. But to start “working” and become a “VIP” agent, they first have to pay a fee by depositing cryptocurrency into a digital wallet. The minimum fee is around $100, but some victims are encouraged to invest as much as $50,000 to unlock higher-paying tasks.

Moreover, scammers lure victims with the promise of easy money, offering to pay a small commission, like $0.71 in USDT, for a seemingly low-cost flight, while the victims unknowingly send much larger sums.

Netcraft researchers managed to link the scams after noticing something simple but effective. All of the scam websites were registered under the name Boxer from Dallas, US. This unique detail allowed the team to uncover hundreds of similar scam domains targeting other well-known brands like AMC Theatres, Universal Studios, and Epic Records.

Additionally, by analyzing transactions on the public blockchain, researchers were able to trace approximately $948,000 in USDC and $300,000 in ETH, alongside $114,000 in Bitcoin and $3,000 in USDT, to a single cryptocurrency wallet.

Furthermore, they found a configuration file, called a JSON file, which contained all the parameters for how the site works. This discovery highlighted the automated, template-based nature of the entire operation. The template can be easily adjusted to change the name of the company, the type of tasks, and the cryptocurrency wallet addresses, allowing the scam to adapt and expand quickly.

The findings show a new threat where scammers are no longer building one-off fake websites but are instead using automated tools. The scam websites were even hosted on Alibaba Cloud’s registrar service, a detail that helped researchers trace their technical tracks.

Netcraft’s team continues to monitor this scam network, which is still active. The firm warns that this kind of fraud is difficult to spot because it’s designed to look professional and targets people looking to earn extra money online.