- Google Ads used in crypto scams with $500K lost to attackers in the past few days according to research platform CPR.
- Unsuspecting persons are hoodwinked by fake crypto wallet sites where scammers gain full control of their accounts.
Security outfit Check-Point Research (CPR) recently published a report showing Google Ads as a potential form of low-key scams. With these Ads, over $500,000 losses have been experienced this past weekend, CPR states.
To start, attackers develop Google Ads of popular crypto wallets, with names tweaked to resemble the actual wallet. Phantom and Metamask wallets were highly targeted as they are the most popular wallets for Solana and Ethereum networks.
When people Google the word “phantom,” these fake Ads appear just above the website of the actual Phantom wallet. Clicking on these Ads leads people to phishing websites designed to, as much as possible, resemble the real thing. These URLs can, for instance, have simple spelling differences to waylay users from authentic sites. Fake URLS include phanton.app or phantonn.app instead of the real phantom.app. The fact that such Ads appear before the actual sites only worsen matters.
Unwary users with existing wallets enter their log-in credentials, which the attacker keeps. Those creating new accounts are prompted to use a recovery password, which logs them into an account controlled by the attacker. Either way, users later find their accounts wiped out of all funds.
Scams Hidden Behind Google Ads
CPR’s Oded Vanunu in a press statement said;
I believe we’re at the advent of a new cybercrime trend, where scammers will use Google Search as a primary attack vector to reach crypto wallets, instead of traditionally phishing through email,
Similar phishing scams have been used to lead users to fake crypto exchanges impersonating UniSwap and PancakeSwap. During the reveal event of iPhone 13 in September, fraudsters got away with $69,000 by running a fake Bitcoin Ad on an equally fake iPhone website.
Notably, CPR says it began noticing such scams after people on Reddit and other online platforms complained about their accounts being siphoned. Vanunu adds;
The phishing websites where victims were directed to reflected meticulous copying and imitation of wallet brand messaging. And what’s most alarming is that multiple scammer groups are bidding for keywords on Google Ads, which is likely a signal of the success of these new phishing campaigns that are geared to heist crypto wallets,
The majority of victims of these phishing scams are crypto newbies, though some experienced users have also fallen for them. To evade these pitfalls, CPR advises people to avoid clicking on Google Ads, focusing instead on the search results. Importantly, users ought to double-check the URLs of websites they are visiting.