Scammers steal more than $500,000 using Google Ads for fake crypto wallets

Cal Jeffrey

In brief: Security analysts at Check Point Research report that scammers have ripped off more than $500,000 in cryptocurrency in just a few days over the weekend. The scam involves placing Google Ads to funnel unsuspecting victims to phishing sites.

Check Point says the scammers place Google Ads designed to look like official wallet websites like Phantom App or MetaMask. Researchers even saw scams mimicking crypto exchanges such as Pancake Swap. Since these are advertisements, they appear above the actual search results, so they are the first thing the victims see and are very convincing in appearance.

Clicking the ad takes users to a webpage designed to look as close to the official website as possible. Existing users are prompted to sign in, which steals their credentials for the scammers to use later. What is more insidious is that, when creating a new wallet, victims are presented with a passphrase to an account that the attackers control. In other words, deposits go directly to the criminals without them having to do anything.

While the search results and web pages might look genuine enough, the URLs give the scams away. For example, CPR said it saw several variants for the phantom.app domain, including phanton.app, phantonn.app, and even phantonn.pw. The URLs are clearly wrong, but some people might not notice.

Indeed, researchers cross-referencing Reddit posts from people who got scammed discovered many of them fell victim to these deceptive ads and websites.

"In a matter of days, we witnessed the theft of hundreds of thousands of dollars worth of crypto," said Check Point's Head of Products Vulnerabilities Research Oded Vanunu. "We estimate that over $500k worth of crypto was stolen this past weekend alone. I believe we're at the advent of a new cyber crime trend, where scammers will use Google Search as a primary attack vector to reach crypto wallets, instead of traditionally phishing through email."

The researchers note they have seen a rise in these types of advertised phishing attempts recently. Multiple scammer groups have placed bids with Google Ads for keywords related to cryptocurrency. Check Point believes this indicates the method has proven effective enough for further investment.

The key takeaway here is to be very careful and vigilant when dealing with crypto wallets. Scammers already place fake ads for traditional banking institutions like Wells Fargo, so why not for crypto? It's relatively new, and there are likely more people who are less careful with their crypto than they are when dealing with their banking websites.

As a general rule of thumb when looking for crypto wallets, skip Google Ads in your search results. Either use an ad blocker like AdGuard or scroll down to where the actual results begin. Pay attention to the URL, and be sure that it's not composed with a clever spelling error like phantum.app, and know your extensions. MetaMask's domain is metamask.io. Going to a result like metamask.com is likely to lead you to a scam.

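The URL check the article recommends can be automated. The sketch below is an added example, not code from the article or from Check Point: it flags domains whose name is within a small edit distance of an official wallet domain, or that reuse the official name under a different TLD. The function names, the distance threshold, and the naive last-two-labels domain extraction are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Official domains named in the article; extend with the services you use.
OFFICIAL_DOMAINS = ("phantom.app", "metamask.io")
MAX_DISTANCE = 2  # assumption: label edits still treated as a lookalike


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def registrable_domain(url: str) -> str:
    """Naive last-two-labels domain; real code should use the Public Suffix List."""
    if "//" not in url:
        url = "//" + url  # let urlsplit treat a bare host as a network location
    host = (urlsplit(url).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])


def classify(url: str):
    """Return ('official' | 'lookalike' | 'unrelated', matched official domain or None)."""
    domain = registrable_domain(url)
    if domain in OFFICIAL_DOMAINS:
        return "official", domain
    label = domain.partition(".")[0]
    for official in OFFICIAL_DOMAINS:
        official_label = official.partition(".")[0]
        # Same name under another TLD, or a near-miss spelling of the name.
        if label == official_label or edit_distance(label, official_label) <= MAX_DISTANCE:
            return "lookalike", official
    return "unrelated", None


if __name__ == "__main__":
    # Sample inputs: the domains quoted in the article plus one unrelated site.
    for candidate in ("https://phantom.app/download", "phanton.app", "phantonn.app",
                      "phantonn.pw", "phantum.app", "metamask.com", "www.techspot.com"):
        print(f"{candidate:32} {classify(candidate)}")
```
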

 

kiwigraeme

If I had millions in BC I wouldn't trust an online wallet, nor would I trust an offline one needing an internet connection - it would be air-bridged.

In fact I would just use a std zip/rar on stored by long password (just buy or use 2 top of the line general purpose encryptors, encrypted twice by each one) - even if unencrypted - the key would still be hidden in plain sight.

Maybe this is my CVV pin - Roger (212) 751 4862 - what is it? The complement of 486? E.g. 624.
Probably not. Is it the 1st, 3rd & 5th numbers, 225, or its complement backwards, 588?

Your online one will just be limited to what you want to spend.

TBF - most of those wallets were probably only $1000. Big players would have to be seriously stupid to get fooled.
 

scavengerspc

> If I had millions in BC I wouldn't trust an online wallet, nor would I trust an offline one needing an internet connection - it would be air-bridged.
>
> In fact I would just use a std zip/rar on stored by long password (just buy or use 2 top of the line general purpose encryptors, encrypted twice by each one) - even if unencrypted - the key would still be hidden in plain sight.
>
> Maybe this is my CVV pin - Roger (212) 751 4862 - what is it? The complement of 486? E.g. 624.
> Probably not. Is it the 1st, 3rd & 5th numbers, 225, or its complement backwards, 588?
>
> Your online one will just be limited to what you want to spend.
>
> TBF - most of those wallets were probably only $1000. Big players would have to be seriously stupid to get fooled.

My stockbroker handled everything for me. She used what she called a cold wallet. I don't have a clue of the details, but she put my keys on 4 flash drives and did 2 print-outs of the keys for everything I had. She gave me 2 of the drives and one print-out, and she kept and stored the others.
 

wiyosaya

> My stockbroker handled everything for me. She used what she called a cold wallet. I don't have a clue of the details, but she put my keys on 4 flash drives and did 2 print-outs of the keys for everything I had. She gave me 2 of the drives and one print-out, and she kept and stored the others.

As I see it, the trouble is not with people like you who know what they are doing; the trouble with "offers" like this is for people who think that it is a get-rich-quick scheme. Such people check their BS detectors on their night-stand when they get up. IMO, this just drives home the point that humanity's economic systems are far from fair, especially to those who are on the lowest rungs of the "have" category.
 

kiwigraeme

> My stockbroker handled everything for me. She used what she called a cold wallet. I don't have a clue of the details, but she put my keys on 4 flash drives and did 2 print-outs of the keys for everything I had. She gave me 2 of the drives and one print-out, and she kept and stored the others.

As I was writing my system - realised it's no good for inheritance - your system handles that. I would use a professional - that has to pay into an indemnity fund - to protect from Prof. stealing assets. A couple of bodies have this in NZ. Suppose if you had lots - you could do what big companies do - and need at least 2 employees - in your case 2 professionals - or get insurance.