Scammers are waiting for novices and newbies in the crypto world. Check Point Research (CPR) recently released a report that highlighted a powerful form of attack: scammers use Google Ads to redirect users to fake crypto wallets. CPR reported that it had seen approximately half a million dollars stolen through these methods within the past few days.
Here's how it works. An attacker purchases Google Ads that appear in response to popular searches for crypto wallets, the software that stores cryptocurrency, NFTs and the like. CPR says it has seen scams targeting Phantom wallets and MetaMask wallets. These wallets are the most popular in the Solana and Ethereum ecosystems.
This is a very common phishing scam
A Google search for "phantom" returns a Google Ad result that appears above the actual search results. It directs the user to a fake website that looks exactly like the real thing. One of two things then happens. The user enters their credentials, which the attacker keeps. Or, if they want to create a new wallet, they may be asked to enter a recovery password; this logs them in to a wallet that is controlled by the attacker and not theirs. CPR says that if they transfer funds, the attacker will have them immediately.
As with other phishing scams, the attackers are keen to make their fake log-in pages appear as authentic as possible. CPR reports that attackers have used fake URLs to fool users, directing them to phanton.app and phantonn.app instead of the correct Phantom.app. The group has used similar phishing scams to redirect users to fake versions of cryptocurrency exchanges such as UniSwap and PancakeSwap.
CPR's researchers discovered these scams after crypto users complained on Reddit about losing their money. They estimate that more than half a million dollars has been stolen in the last few days.
In a press release, CPR's Oded Vanunu stated that we are witnessing a new trend in cybercrime. This is where scammers will use Google Search to target crypto wallets instead of traditional email phishing. Victims were directed to phishing websites that reflected careful copying and imitating of wallet brand messaging. What is most alarming, however, is the fact that scammers are bidding on keywords in Google Ads. This is likely to be a sign of the popularity of these new phishing campaigns that are geared towards heisting crypto wallets.
CPR shares some tips to help users avoid these pitfalls. They recommend that you never click on Google Ads results and instead look at the actual search results. Also, make sure to always verify the URL of any site you visit.
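The URL check recommended above can be partly automated. The following Python code is an added example, not taken from CPR's report or this article: it flags hosts that imitate an allowlisted wallet domain, either by a near-miss spelling or by embedding the real name in a longer hostname. The allowlist contents, the distance threshold of 2 and the two-label domain simplification are assumptions.

```python
from urllib.parse import urlsplit

# Official domains to protect. phantom.app is the one named in the article;
# extend the set with other domains you have verified yourself.
OFFICIAL = {"phantom.app"}
MAX_DISTANCE = 2  # assumption: edits tolerated before a name stops looking alike


def edit_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (optimal string alignment) distance."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url: str):
    """Return (verdict, matched official domain or None) for a URL or bare host.

    verdict is 'official', 'lookalike' or 'unknown'.
    """
    parts = urlsplit(url if "//" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased
    # Simplification: treat the last two labels as the registrable domain
    # (a production check would consult the Public Suffix List).
    domain = ".".join(host.split(".")[-2:])
    if domain in OFFICIAL:
        return "official", domain
    for real in sorted(OFFICIAL):
        # Real name embedded in a longer host, or a near-miss spelling.
        if real in host or edit_distance(domain, real) <= MAX_DISTANCE:
            return "lookalike", real
    return "unknown", None


if __name__ == "__main__":
    # phanton.app and phantonn.app are the lookalikes reported in the article;
    # the .example host is constructed for illustration.
    for u in ("https://phantom.app/", "https://phanton.app/",
              "https://phantonn.app/", "https://phantom.app.login.example/"):
        print(u, classify(u))
```

A verdict of `unknown` only means the host does not resemble an allowlisted domain; it is not a statement that the site is safe.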