Check Point Research security researchers estimate that fraudsters stole more than $500,000 in cryptocurrencies in only a few days over the weekend. The crypto fraud involves the use of Google Ads to direct unwary consumers to phishing websites.
According to Check Point, the crypto fraudsters/scammers use Google Ads that appear to be reputable wallet websites such as Phantom App or MetaMask. Scams impersonating cryptocurrency exchanges, such as Pancake Swap, were also discovered by researchers. Because they are adverts, they display above the real search results, so they are the first thing the victims see and seem quite convincing.
When consumers click the ad, they are taken to a webpage that is meant to seem as close to the official website as possible. Existing users are encouraged to sign in, which takes their credentials to be used later by the crooks. What’s more, while creating a new wallet, victims are offered with a passcode to an account controlled by the attackers. In other words, deposits are made straight to offenders without the need for them to do anything.
While the search results and web pages may appear legitimate, the URLs reveal the deception. CPR, for example, reported seeing multiple variations of the phantom.app domain, including phanton.app, phantonn.app, and even phantonn.pw. The URLs are obviously incorrect, yet some individuals may not notice.
Indeed, researchers observed that many people who were duped fell prey to these crypto fraudulent adverts and websites by cross-referencing Reddit postings from people who were cheated.
“We observed the theft of hundreds of thousands of dollars worth of cryptocurrency in a matter of days,” said Check Point’s Head of Products Vulnerabilities Research Oded Vanunu. “We believe that over $500k in cryptocurrency was taken only this past weekend. I believe we are on the verge of a new cybercrime trend in which crypto fraudsters will utilize Google Search as their primary attack vector to target crypto wallets rather than phishing via email.”
According to the experts, there has recently been an increase in these sorts of promoted phishing efforts. Multiple crypto fraudster organizations have made bids on Google Ads for cryptocurrency-related keywords. Check Point feels this demonstrates that the strategy has been effective enough to warrant more expenditure.
The main point here is to be extremely cautious and diligent when dealing with cryptocurrency wallets. Scammers already run false advertisements for regular financial institutions such as Wells Fargo, so why not for cryptocurrency? It’s new, and there are going to be more people who are less cautious with their crypto than they are with their banking websites.
When looking for crypto wallets, it’s best to avoid Google Ads in the search results. Use an ad blocker such as AdGuard or scroll down to the bottom of the page to see the true results. Pay attention to the URL and make sure it isn’t comprised of a creative spelling error, such as phantum.app, and be familiar with your extensions. The domain for MetaMask is metamask.io. Going to a result like metamask.com will almost certainly take you to a crypto fraud.
Check Point Software Technologies’ head of products vulnerability research, Oded Vanunu, told GOBankingRates that the amount taken is not unusual, and that Check Point believes the amount has grown since a couple additional hacker gangs came in.
ARTICLE SOURCES
Brain Tech Solution compels authors to rely on original sources to back up their claims. White documents, government statistics, original reporting, and interviews with industry experts are among them. Where applicable, we also cite original research from other credible publishers. In our editorial policy, you can learn more about the criteria we use to provide accurate, balanced information.
- News, Accessed Nov 5, 2021.
