There are a plethora of hazards in the cryptocurrency realm, with fraudsters lurking for newcomers and novices. A recent study by security firm Check Point Research highlighted a dangerous approach to attack: luring people to fake cryptocurrency wallets using Google Ads. CPR claims it has seen around 500,000 dollars stolen via these methods in the last few days, according to its report.
How does the crypto scam work?
Here’s how the scam works. In response to popular crypto wallets being searched, the attacker places Google Ads. According to CPR, scammers have targeted Phantom and MetaMask wallets, which are the most common wallet solutions for Solana and Ethereum networks, respectively.
When a user Googles the term “phantom,” the Google Ad result (which appears above real search results) directs them to a phishing website that appears to be genuine. Then, one of two things occurs: either the consumer submits their information, which the attacker keeps. Alternatively, if they attempt to make a new wallet and are instructed to use a recovery password, this might log them into the attacker’s wallet, not their own. “This implies that if they transfer any money, the attacker will acquire it straight away,” explains CPR.
Users are directed to fake web pages that mimic the real ones. These phony URLs deceive users into believing they’re logging into their crypto wallets.
The attackers employ many of the same methods as those used in traditional phishing attacks, such as creating realistic-looking fake login pages. CPR notes that they’ve seen attackers use fake URLs to trick users, directing them to phanton.app or phantonn.app, for example, instead of the correct phantom.app. The group has also witnessed similar phishing attacks directed toward unsuspecting users, such as PancakeSwap and UniSwap, which were used to lure people to phony cryptocurrency exchanges.
After hearing about cryptocurrency users complaining on Reddit and other forums, CPR’s experts say they began seeing these scams. They believe that “at least half a million dollars” has been stolen in the last few days.
“I believe we’re at the advent of a new cyber crime trend, where scammers will use Google Search as a primary attack vector to reach crypto wallets, instead of traditionally phishing through email,” said CPR’s Oded Vanunu in a press statement. “The phishing websites where victims were directed to reflected meticulous copying and imitation of wallet brand messaging. And what’s most alarming is that multiple scammer groups are bidding for keywords on Google Ads, which is likely a signal of the success of these new phishing campaigns that are geared to heist crypto wallets.”
The article concludes by reiterating some important SEO best practices that every user should know, such as never clicking on Google Ads results but instead looking at search results, and always checking the website’s URL.
