Google is promoting a phishing site that mimics OpenSea
Motherboard Digital reported that a Google search earlier this week for the NFT marketplace OpenSea led it to a phishing site.
The magazine concluded that the site is a phishing site that aims to steal victims' digital wallets and that it appeared at the top of the search results as a paid Google advertisement.
OpenSea is the most popular marketplace for buying and selling NFTs, which makes it a target for hackers who want to steal cryptocurrency or NFTs.
When I searched for the word OpenSea on Google, the first result was a website that claimed to be the largest NFT marketplace, OpenSea. However, the URL points to opensun.io/open, which is a slight modification of the actual website URL.
This link redirects the visitor to another page, this time at www-opeensea.io, with a "www-" prefix and an extra "e".
This site is very similar to the real OpenSea site. However, when visitors click a link on www-opeensea.io, they are asked to connect their digital wallet, be it a Coinbase wallet or something else.
It is assumed here that the person running this phishing site wants to access the digital wallet in an attempt to delete it. Google stopped showing the phishing site in search results after being contacted by the digital magazine.
The domain name www-opeensea.io is registered with a company called NameSilo. NameSilo said that this domain name had not been reported before and that it has now deleted the domain. The domain was registered on October 18, 2021, and the attack may have only started recently.
Google ads direct users to phishing sites
The OpenSea Marketplace stated that it was aware of the phishing site. "We will be vigilant in monitoring malicious and fraudulent websites and will act quickly to protect the community if we find them," a marketplace spokesperson said. We recently became aware of their website and reported it to us immediately. Several hosts and administrators have since confirmed that the ad has been removed.
A Google spokesperson said, "This behavior directly violates our policy against phishing ads that attempt to mislead users. We have suspended the account and continue to actively implement these guidelines to prevent future misconduct."
Last week, researchers at online security firm Check Point published a blog post explaining how hackers use Google ads to run phishing sites targeting potential users of Phantom and MetaMask wallets. Check Point said the hackers stole at least $500,000.