Scammers use Google Ads to steal $ 500 from crypto wallets 

Scammers use Google Ads to steal $ 500 from crypto wallets - online scam 2Security firm Check-Point Research (CPR) recently released a report showing Google Ads as a potential low-profile form of scams. With these announcements, there were losses of over $ 500.000 last weekend, CPR says.

How the scam develops

To begin, attackers develop Google ads of popular crypto wallets, with names optimized to resemble the real wallet. The Phantom and Metamask wallets have been targeted as they are the most popular wallets for the Solana and Ethereum networks.

When people google the word “Phantom”, these fake ads appear just above the real Phantom wallet website. 

Clicking on these ads leads people to phishing websites designed to look as much like the real ones as possible. These URLs may, for example, have simple spelling differences for indirect users from authentic sites. Fake URLs include phanton.app or phantonn.app instead of the real phantom.app. The fact that such ads appear before actual sites only makes matters worse.

Careless users with existing wallets enter their login credentials, which the scammer keeps. Those who create new accounts are required to use a recovery password, which registers them in an account controlled by the scammer. Either way, users will later find that their accounts have been deleted from all funds.

Scams hidden behind Google Ads

CPR's Oded Vanunu in a press release said:

"I believe we are in the advent of a new trend in cybercrime, where scammers will use Google Search as the primary attack vector to reach crypto wallets, instead of traditional email phishing."

Similar phishing scams have been used to lead users to fake cryptocurrency exchanges impersonating UniSwap and PancakeSwap. During the event that unveiled the iPhone 13 in September, scammers managed to get away with stealing $ 69.000 after posting a fake Bitcoin Ad on an equally fake iPhone website. For this reason, we recommend that you only use official websites such as the one in Bitcoin system.

Specifically, CPR says it started noticing such scams after people on Reddit and other online platforms complained that their accounts had been stolen. Vanunu adds:

“The phishing websites that the victims were directed to offered a well-made copy and imitation of the messages of the wallet brands. And the most alarming thing is that more groups of scammers are bidding on keywords on Google Ads, which is probably a sign of the success of these new phishing campaigns which are geared towards robbing crypto wallets. "

Most of the victims of these phishing scams are cryptocurrency newbies, although some experienced users have been fooled anyway. To avoid these pitfalls, CPR advises people to avoid clicking on Google Ads, focusing on search results instead. Importantly, users should double-check the URLs of the websites they are visiting.