Cryptocurrency theft in Google Ads |
A recent report by security firm Check Point Research has highlighted a new form of crypto theft attack that uses Google ads to direct users to fake crypto wallets.
Check Point Research said in its report that in the past few days alone, it has been discovered that nearly $500,000 has been embezzled through these methods.
Scammers placed ads at the top of Google searches by mimicking popular brands of cryptocurrency wallets and tricking users into providing wallet passwords and private keys.
Last weekend, the company noted that scammers are stealing hundreds of thousands of dollars in cryptocurrency from wallets.
To lure victims, scammers place Google ads through searches that mimic popular wallets and platforms.
Each ad contains a malicious link that directs the victim to a phishing website that duplicates the brand and information of the original wallet site. The scammer tricks the victim into giving the password of the wallet that is stealing the wallet.
Phishing activities usually originate from email. But it appears to be a new trend: Attackers run ads targeting wallet related keywords in Google Ads while using Google Search as an attack method to attack the victim's crypto wallet.
Tips for hunting in Google search results
Scammers place Google ads first in search queries about cryptocurrency wallets. The victim clicks on a malicious link in Google Ads. The victim was directed to a phishing website identical to the original wallet site.
If you have a wallet, the fake website will try to steal your password or provide you with a new password for a newly created wallet. Either way, scammers can get into your wallet and steal all your cryptocurrency.
Identical to the general phishing scam. Attackers try to make the fake login page as real as possible.
Check Point Research indicated that attackers used spoofed URLs to deceive users. and redirect them to phanton.app or phantonn.app , for example, instead of the correct phantom.app.
He has also seen similar scams used to lead users to fake cryptocurrency platforms, including PancakeSwap and UniSwap.