Scammers wait for newcomers and beginners in the crypto realm, which is full of pitfalls. According to a recent analysis from security firm Check Point Research, one effective method of attack is to utilize Google Ads to send people to fake cryptocurrency wallets. CPR claimed in its study that in only the past few days, it has witnessed almost half a million dollars stolen out using various tactics.
This is how the con works. In response to searches for popular crypto wallets (software used to store cryptocurrencies, NFTs, and the like), the attacker purchases Google Ads. Scams targeting the Phantom and MetaMask wallets. Those are the most popular wallets for the Solana and Ethereum ecosystems, reported by CPR.
How scammers are stealing money:
When an unwary user types “phantom” into Google, the Google Ad result (which displays above genuine search results) takes them to a fake cryptocurrency website that looks exactly like the real thing. Then one of two things happen: either the user enters their credentials, which the attacker maintains. Or the attacker inputs their credentials, which the attacker keeps. Alternatively, if they try to establish a new wallet, they get an interface to enter a recovery password. That logs them into the attacker’s wallet, not their own. This implies that if they send money, the attacker will have it right away, according to CPR.
The attackers depend on making their bogus log-in sites appear as legitimate as possible. It is much like they do with phishing schemes in general. Attackers know how to deceive users by sending them to phanton.app or phantonn.app instead of the actual phantom.app, according to CPR. Similar phishing schemes have also been used to drive consumers to bogus cryptocurrency exchanges posing as real businesses such as PancakeSwap and UniSwap, according to the organization.
After witnessing crypto consumers complain about their losses on Reddit and other sites, CPR researchers began to notice these frauds. Over the last two days, they think that scammers have taken at least half a million dollars.
Oded Vanunu of CPR stated in a press release:
“I believe we’re at the advent of a new cybercrime trend, where scammers will use Google Search as a primary attack vector to reach crypto wallets, instead of traditionally phishing through email.”
“The phishing websites where victims were directed to reflected meticulous copying and imitation of wallet brand messaging. And what’s most alarming is that multiple scammer groups are bidding for keywords on Google Ads, which is likely a signal of the success of these new phishing campaigns that are geared to heist crypto wallets.”
Users who want to avoid these mistakes should never click on Google Ads results. Instead, look at search results, and always check the URL of the site they’re viewing.
1. Squid Game Cryptocurrency Might Be A Cryptocurrency Scam After All.
2. The new PayPal app includes features such as savings, bill payment, cryptocurrency, and shopping.
3. Eight Fake Cryptocurrency Mining Apps Removed From Play Store By Google.
4. Signal Messenger Starts Beta Testing For Doing Transactions via Cryptocurrency.
5. Bose Introduces QuietComfort 45 Headphones With Improved ANC.