In short: Security analysts at Check Point Research report that scammers stole over $500,000 in crypto in just a few days over the weekend. The scam works by placing Google Ads that redirect unsuspecting victims to phishing sites.
Check Point says the scammers place Google Ads designed to look like official wallet sites such as Phantom App or MetaMask. Researchers have even seen scams mimicking crypto exchanges like PancakeSwap. Because these are advertisements, they appear above the actual search results, so they are the first thing victims see, and they look very convincing.
When users click on an ad, they are taken to a web page made to look as close as possible to the official website. Existing users are prompted to sign in, which lets the scammers use their credentials later. Even more insidious, victims who create a new wallet are given a passphrase for an account the attackers control. In other words, the deposits go straight to the criminals without any further effort on their part.
While the search results and web pages may look quite genuine, the URLs give the scams away. For example, CPR reported seeing several variations of the phantom.app domain, including phanton.app, phantonn.app, and even phantonn.pw. The URLs are clearly wrong, but some people may not notice.
Indeed, the researchers link to Reddit posts from people who were tricked, and found that many of them were victims of these deceptive ads and websites.
“In a matter of days, we witnessed the theft of hundreds of thousands of dollars worth of cryptocurrency,” said Oded Vanunu, head of Check Point Product Vulnerability Research. “According to our estimates, over the past weekend alone, more than $500,000 worth of cryptocurrencies were stolen. I believe we are on the cusp of a new cybercrime trend where scammers will use Google Search as their primary attack vector to reach crypto wallets, rather than traditionally phishing via email.”
The researchers note that they have seen an increase in these advertised phishing attempts lately. Several groups of scammers have bid on cryptocurrency-related keywords in Google Ads. Check Point believes this indicates that the method has proven effective enough to justify further investment.
The key takeaway here is to be very careful and vigilant when dealing with cryptocurrency wallets. Scammers are already posting fake ads for traditional banking institutions like Wells Fargo, so why not for cryptocurrency? This is relatively recent, and there are probably more people out there who are less careful with their cryptocurrency than they are with their banking websites.
Generally, when searching for cryptocurrency wallets, skip the Google Ads in search results. Either use an ad blocker like AdGuard or scroll down to where the actual results start. Pay attention to the URL, make sure it doesn’t contain a clever misspelling like phantum.app, and know your domain extensions. The MetaMask domain is metamask.io. A result like metamask.com can lead you to a scam.
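The URL check described above can be automated before a link is opened. The following sketch is an added example, not code from Check Point or the original article; the allowlist holds only the two official domains the article names, and the two-edit threshold and the shortcut of treating the last two host labels as the registered domain are assumptions.

```python
from urllib.parse import urlsplit

# Official domains named in the article; extend with the sites you actually use.
OFFICIAL = {"phantom.app", "metamask.io"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(url: str) -> str:
    """Last two labels of the host (assumption: single-label TLDs such as .app, .io)."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(url: str, max_distance: int = 2):
    """Return (verdict, official domain it resembles or None)."""
    domain = registered_domain(url)
    if domain in OFFICIAL:
        return ("official", domain)
    name, _, tld = domain.rpartition(".")
    for good in sorted(OFFICIAL):
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return ("wrong-extension", good)      # e.g. metamask.com vs metamask.io
        if name and edit_distance(name, good_name) <= max_distance:
            return ("misspelled-name", good)      # e.g. phanton.app vs phantom.app
    return ("unknown", None)


if __name__ == "__main__":
    # Domains quoted in the article plus one constructed unrelated host.
    for sample in ["https://phantom.app/download", "phanton.app", "phantonn.pw",
                   "phantum.app", "metamask.com", "example.org"]:
        print(sample, "->", classify(sample))
```

A fixed edit-distance threshold produces false positives on very short names, so an "unknown" or "misspelled-name" verdict is a prompt to type the official address by hand, not proof either way.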